46624 matches found
WordPress SureForms plugin < 1.4.4 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin SureForms versions < 1.4.4...
WordPress CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin <= 4.2 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by luckybuddy in WordPress Plugin cits-support-svg-webp-media-upload versions <= 4.2...
WordPress Construction Light theme < 1.6.8 - Subscriber+ Arbitrary Plugin Activation vulnerability
Subscriber+ Arbitrary Plugin Activation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Theme Construction Light versions < 1.6.8...
WordPress SecuPress Free - WordPress Security plugin <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode vulnerability
WordPress SecuPress Free - WordPress Security plugin <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin SecuPress Free versions <= 2.2.5.3...
WordPress Welcart e-Commerce plugin <= 2.11.20 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability
Authenticated (Editor+) Stored Cross-Site Scripting vulnerability discovered by Miguel Santareno in WordPress Plugin Welcart e-Commerce versions <= 2.11.20...
WordPress Fintelligence Calculator plugin <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Fintelligence Calculator versions <= 1.0.3...
WordPress 3DPrint Lite plugin <= 2.1.3.6 - Authenticated (Admin+) SQL Injection via 'infill_text' vulnerability
Authenticated (Admin+) SQL Injection via 'infill_text' vulnerability discovered by WordFence in WordPress Plugin 3DPrint Lite versions <= 2.1.3.6...
WordPress Contact Form and Calls To Action by vcita plugin <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Contact Form and Calls To Action by vcita versions <= 2.7.1...
WordPress MelaPress Login Security plugin 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary User Deletion vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin MelaPress Login Security versions 2.1.0...
WordPress MelaPress Login Security Premium plugin 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary User Deletion vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin MelaPress Login Security Premium versions 2.1.0...
WordPress Gosign - Posts Slider Block plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress Gosign - Posts Slider Block plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Nishiv - Developer in WordPress Plugin Gosign – Posts Slider Block versions <= 1.1.0...
WordPress eMagicOne Store Manager for WooCommerce plugin <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_image() vulnerability
Unauthenticated Arbitrary File Upload via set_image() vulnerability discovered by Ryan Kozak in WordPress Plugin eMagicOne Store Manager versions <= 1.2.5...
WordPress WC Builder plugin <= 1.2.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'heading_color' Shortcode Attribute vulnerability
Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'heading_color' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin WC Builder versions <= 1.2.0...
WordPress Age Restriction plugin <= 3.0.2 - Subscriber+ Privilege Escalation vulnerability
Subscriber+ Privilege Escalation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Premium Age Verification / Restriction for WordPress versions <= 3.0.2...
WordPress Double the Donation plugin <= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Double the Donation versions <= 3.0.0...
WordPress Featured Image plugin <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Featured Image versions <= 2.1...
WordPress Checkout Mestres do WP for WooCommerce plugin 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update vulnerability
WordPress Checkout Mestres do WP for WooCommerce plugin 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Checkout Mestres WP versions 8.6.5-8.7.5...
WordPress B1.lt for WooCommerce plugin <= 2.2.56 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated (Subscriber+) SQL Injection vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin B1.lt for WooCommerce versions <= 2.2.56...
WordPress Essential Addons for Elementor plugin <= 6.0.4 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions <= 6.0.4...
WordPress Top Comments plugin <= 1.0 - Admin+ Stored Cross-Site Scripting vulnerability
Admin+ Stored Cross-Site Scripting vulnerability discovered by Steven Pereira aka Cursed, Anjali Kumari aka HexJello & Muktanand Kale aka Muktimantras in WordPress Plugin Top Comments versions <= 1.0...
WordPress Supreme Modules Lite plugin <= 2.5.52 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Supreme Modules Lite versions <= 2.5.52...
WordPress PDF Catalog for WooCommerce plugin <= 1.1.18 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability discovered by kr0d in WordPress Plugin PDF Catalog for WooCommerce versions <= 1.1.18...
WordPress Popup - MailChimp, GetResponse and ActiveCampaign Intergrations plugin <= 3.2.6 - Unauthenticated SQL Injection vulnerability
WordPress Popup - MailChimp, GetResponse and ActiveCampaign Intergrations plugin <= 3.2.6 - Unauthenticated SQL Injection vulnerability discovered by Lucio Sá in WordPress Plugin Popup – MailChimp, GetResponse and ActiveCampaign Intergrations versions <= 3.2.6...
WordPress FooBox plugin <= 2.7.34 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting vulnerability discovered by Robert DeVore in WordPress Plugin FooBox Image Lightbox versions <= 2.7.34...
WordPress WhyDonate - FREE Donate button - Crowdfunding - Fundraising plugin <= 4.0.15 - Missing Authorization to Unauthenticated wp_wdplugin_style Rww Deletion vulnerability
WordPress WhyDonate - FREE Donate button - Crowdfunding - Fundraising plugin <= 4.0.15 - Missing Authorization to Unauthenticated wp_wdplugin_style Rww Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Whydonate versions <= 4.0.15...
WordPress WPBookit plugin <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update vulnerability
Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update vulnerability discovered by kr0d in WordPress Plugin WPBookit versions <= 1.0.2...
WordPress Ultimate Blocks plugin <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Ultimate Blocks versions <= 3.2.7...
WordPress Pure WC Variation Swatches plugin <= 1.1.7 - Unauthenticated Settings Update vulnerability
Unauthenticated Settings Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Pure WC Variation Swatches versions <= 1.1.7...
WordPress Polls CP plugin <= 1.0.75 - Admin+ Stored XSS via Custom Styles vulnerability
Admin+ Stored XSS via Custom Styles vulnerability discovered by Bob Matyas in WordPress Plugin CP Polls versions <= 1.0.75...
WordPress Eventin plugin <= 4.0.37 - Unauthenticated Server-Side Request Forgery vulnerability
Unauthenticated Server-Side Request Forgery vulnerability discovered by Gai Tanaka 63n0 in WordPress Plugin Eventin versions <= 4.0.37...
WordPress The Wound theme <= 0.0.1 - Unauthenticated LFI vulnerability
Unauthenticated LFI vulnerability discovered by Aly Khaled in WordPress Theme The Wound versions <= 0.0.1...
WordPress Depicter plugin <= 4.0.4 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Depicter Slider versions <= 4.0.4...
WordPress Fluent Booking - The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution plugin <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management vulnerability
WordPress Fluent Booking - The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution plugin <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPre...
WordPress Featured Image via URL plugin <= 0.1 - Authenticated (Contributor+) Arbitrary File Upload vulnerability
Authenticated (Contributor+) Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin Featured Image via URL versions <= 0.1...
WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter vulnerability discovered by lowol in WordPress Plugin Content Blocks (Custom Post Widget) versions <= 3.3.5...
WordPress Downloable by American Osteopathic Association plugin <= 0.1.0 - Unauthenticated SSRF vulnerability
Unauthenticated SSRF vulnerability discovered by Aly Khaled in WordPress Plugin Aoa Downloadable versions <= 0.1.0...
WordPress WP Church Donation plugin <= 1.7 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin WP Church Donation versions <= 1.7...
WordPress Downloable by American Osteopathic Association plugin <= 0.1.0 - Unauthenticated Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download vulnerability discovered by Aly Khaled in WordPress Plugin Aoa Downloadable versions <= 0.1.0...
WordPress Ultimate Blocks plugin <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Ultimate Blocks versions <= 3.2.7...
WordPress Pinpoint Booking System plugin <= 2.9.9.5.4 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated (Subscriber+) SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Pinpoint Booking System versions <= 2.9.9.5.4...
WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Autoship Cloud for WooCommerce Subscription Products versions <= 2.8.0...
WordPress Maps for WP plugin <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Maps for WP versions <= 1.2.4...
WordPress Live Composer plugin <= 2.0.2 - Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output Shortcode vulnerability
Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Page Builder: Live Composer versions <= 2.0.2...
WordPress Email Notifications for Updates plugin <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Email Notifications for Updates versions <= 1.1.6...
WordPress DethemeKit For Elementor plugin <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via De Gallery Widget vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via De Gallery Widget vulnerability discovered by zer0gh0st in WordPress Plugin DethemeKit For Elementor versions <= 2.1.8...
WordPress Form Maker by 10Web plugin < 1.15.31 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Form Maker by 10Web versions < 1.15.31...
WordPress Memberlite Shortcodes plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Memberlite Shortcodes versions <= 1.4...
WordPress WP Directorybox Manager plugin <= 2.5 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by Foxyyy in WordPress Plugin WP Directorybox Manager versions <= 2.5...
WordPress GiveWP plugin <= 3.19.2 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by PetrusViet in WordPress Plugin GiveWP versions <= 3.19.2...
WordPress Online Payments - Get Paid with PayPal, Square & Stripe plugin <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress Online Payments - Get Paid with PayPal, Square & Stripe plugin <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Online Payments – Get Paid with PayPal, Square & Stripe versions <= 3.20.0...