46629 matches found
WordPress Memberlite Shortcodes plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Memberlite Shortcodes versions <= 1.4...
WordPress WP Directorybox Manager plugin <= 2.5 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by Foxyyy in WordPress Plugin WP Directorybox Manager versions <= 2.5...
WordPress GiveWP plugin <= 3.19.2 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by PetrusViet in WordPress Plugin GiveWP versions <= 3.19.2...
WordPress Online Payments - Get Paid with PayPal, Square & Stripe plugin <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress Online Payments - Get Paid with PayPal, Square & Stripe plugin <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Online Payments – Get Paid with PayPal, Square & Stripe versions <= 3.20.0...
WordPress KiotViet Sync plugin <= 1.8.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability discovered by kr0d in WordPress Plugin KiotViet Sync versions <= 1.8.5...
WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated (Subscriber+) SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes versions <= 1.4.9...
WordPress Ultimate Member Widgets for Elementor plugin <= 2.3 - Missing Authorization to Unauthenticated Information Exposure vulnerability
Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by Powpy in WordPress Plugin Ultimate Member Widgets for Elementor versions <= 2.3...
WordPress Robo Gallery plugin <= 3.2.22 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Robo Gallery versions <= 3.2.22...
WordPress Xpro Addons For Elementor plugin <= 1.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget vulnerability discovered by Prissy - Developer in WordPress Plugin Xpro Elementor Addons versions <= 1.4.7.1...
WordPress Generic Elements plugin <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Generic Elements versions <= 1.2.8...
WordPress Ads Pro plugin <= 4.95 - Unauthenticated SQL Injection via site_id vulnerability
Unauthenticated SQL Injection via site_id vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions <= 4.95...
WordPress Webcraftic Clearfy plugin <= 2.3.1 - Cross-Site Request Forgery to Clear Cache vulnerability
Cross-Site Request Forgery to Clear Cache vulnerability discovered by Whit Taylor in WordPress Plugin Clearfy Cache versions <= 2.3.1...
WordPress Arielbrailovsky-Viralad plugin <= 1.0.8 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by siyuan shao in WordPress Plugin ArielBrailovsky-ViralAd versions <= 1.0.8...
WordPress NextGEN Gallery plugin <= 3.59.11 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin NextGEN Gallery versions <= 3.59.11...
WordPress WP Featherlight plugin <= 1.3.4 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin WP Featherlight versions <= 1.3.4...
WordPress Link Whisper Free plugin <= 0.8.8 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin Link Whisper Free versions <= 0.8.8...
WordPress Outdoor plugin <= 1.3.2 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by John Lee in WordPress Theme Outdoor versions <= 1.3.2...
WordPress WordPress Auction plugin <= 3.7 - Editor+ Stored XSS vulnerability
Editor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin WordPress Auction Plugin versions <= 3.7...
WordPress Survey & Poll plugin <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WordPress Survey & Poll versions <= 1.7.5...
WordPress Pagelayer plugin < 1.8.8 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Jeewan Kumar Bhatta in WordPress Plugin PageLayer versions < 1.8.8...
WordPress NitroPack plugin <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update vulnerability discovered by Sean Murphy in WordPress Plugin NitroPack versions <= 1.17.0...
WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Unauthenticated Local File Inclusion via 'shortcode_name' Parameter vulnerability
Unauthenticated Local File Inclusion via 'shortcode_name' Parameter vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Extensive VC Addons for WPBakery page builder versions <= 1.9.1...
WordPress Beaver Builder Plugin (Starter Version) plugin <= 2.9.1 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
Authenticated (Administrator+) Arbitrary File Upload vulnerability discovered by Tom Broucke - Otomaties in WordPress Plugin Beaver Builder Plugin (Starter Version) versions <= 2.9.1...
WordPress Return Refund and Exchange For WooCommerce plugin <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Refund Request Cancellation vulnerability
Insecure Direct Object Reference to Authenticated (Subscriber+) Refund Request Cancellation vulnerability discovered by Powpy in WordPress Plugin Return Refund and Exchange For WooCommerce versions <= 4.5.5...
WordPress Inpersttion For Theme plugin <= 1.0 - Authenticated (Contributor+) Arbitrary Function Call vulnerability
Authenticated (Contributor+) Arbitrary Function Call vulnerability discovered by Peter Thaleikis in WordPress Plugin Inpersttion For Theme versions <= 1.0...
WordPress CRM Memberships plugin <= 2.5 - Missing Authorization to Unauthenticated 'ntzcrm_add_new_tag' AJAX Action vulnerability
Missing Authorization to Unauthenticated 'ntzcrm_add_new_tag' AJAX Action vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CRM Memberships versions <= 2.5...
WordPress ContentStudio plugin <= 1.3.7 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Contentstudio versions <= 1.3.7...
WordPress Webcake plugin <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Webcake versions <= 1.1...
WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via SQLREPORT Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via SQLREPORT Shortcode vulnerability discovered by Gilang - DJ in WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup versions <= 5.25.11...
WordPress ClickWhale - Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin <= 2.4.1 - Reflected Cross-Site Scripting vulnerability
WordPress ClickWhale - Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin <= 2.4.1 - Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin ClickWhale versions <= 2.4.1...
WordPress ProfileGrid plugin <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection vulnerability
Authenticated (Subscriber+) PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ProfileGrid versions <= 5.9.4.5...
WordPress Ebook Store plugin < 5.8015 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin Ebook Store versions < 5.8015...
WordPress Advanced iFrame plugin <= 2024.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Host Header vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Host Header vulnerability discovered by omstaendlig in WordPress Plugin Advanced iFrame versions <= 2024.5...
WordPress Course Booking System plugin <= 6.1.5 - Missing Authorization to Unauthenticated Booking Data Export vulnerability
Missing Authorization to Unauthenticated Booking Data Export vulnerability discovered by Powpy in WordPress Plugin Course Booking System versions <= 6.1.5...
WordPress Qubely plugin <= 1.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' and 'UniqueID' vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' and 'UniqueID' vulnerability discovered by Nishiv - Developer in WordPress Plugin Qubely versions <= 1.8.12...
WordPress Zigaform plugin <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Zigaform – Price Calculator & Cost Estimation Form Builder Lite versions <= 7.4.7...
WordPress Hide Categories Or Products On Shop Page plugin <= 1.0.7 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Hide Categories Or Products On Shop Page versions <= 1.0.7...
WordPress Paid Membership Plugin plugin < 4.15.20 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin ProfilePress versions < 4.15.20...
WordPress GravityForms plugin 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'style_settings' parameter vulnerability
WordPress GravityForms plugin 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'style_settings' parameter vulnerability discovered by mikemyers in WordPress Plugin Gravity Forms versions 2.9.0.1-2.9.1.3...
WordPress WP Abstracts plugin <= 2.7.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin WP Abstracts versions <= 2.7.2...
WordPress Post Grid Gutenberg Blocks for News, Magazines, Blog Websites - PostX plugin <= 5.0.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability
WordPress Post Grid Gutenberg Blocks for News, Magazines, Blog Websites - PostX plugin <= 5.0.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin PostX versions <= 5.0.3...
WordPress Bold Page Builder plugin <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-text' Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-text' Parameter vulnerability discovered by Webbernaut in WordPress Plugin Bold Page Builder versions <= 5.3.5...
WordPress WP Enabled SVG plugin <= 0.2 - Author+ Stored XSS via SVG vulnerability
Author+ Stored XSS via SVG vulnerability discovered by Pierre Rudloff in WordPress Plugin WP Enabled SVG versions <= 0.2...
WordPress Binary MLM Woocommerce plugin <= 2.0 - Reflected Cross-Site Scripting via 'page' vulnerability
Reflected Cross-Site Scripting via 'page' vulnerability discovered by vgo0 in WordPress Plugin Binary MLM Woocommerce versions <= 2.0...
WordPress B Slider- Gutenberg Slider Block for WP plugin <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation vulnerability
Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Installation vulnerability discovered by wesley wcraft in WordPress Plugin B Slider versions <= 1.1.30...
WordPress Sertifier Certificate & Badge Maker plugin <= 1.19 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Sertifier Certificate & Badge Maker versions <= 1.19...
WordPress WP Google Map plugin < 1.9.4 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP Google Map versions < 1.9.4...
WordPress WP jQuery DataTable plugin <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP jQuery DataTable versions <= 4.0.1...
WordPress SKU Generator for WooCommerce plugin <= 1.6.2 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin SKU Generator for WooCommerce versions <= 1.6.2...
WordPress Zoho Flow plugin <= 2.14.1 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by wesley wcraft in WordPress Plugin Zoho Flow versions <= 2.14.1...