WordPress Royal Elementor Addons and Templates plugin <= 1.7.1012 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Royal Elementor Addons versions <= 1.7.1012...
WordPress EPROLO Dropshipping plugin <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Tracking Data Modification vulnerability
Missing Authorization to Authenticated (Subscriber+) Tracking Data Modification vulnerability discovered by Legion Hunter in WordPress Plugin EPROLO Dropshipping versions <= 2.3.1...
WordPress Ads Pro plugin <= 4.89 - Unauthenticated Time-Based SQL Injection via 'bsa_pro_id' vulnerability
Unauthenticated Time-Based SQL Injection via 'bsa_pro_id' vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions <= 4.89...
WordPress Icegram Engage plugin < 3.1.32 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Icegram versions < 3.1.32...
WordPress WP Easy FAQs plugin <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Easy FAQs versions <= 1.0.5...
WordPress Image License and Protection plugin <= 1.0 - Supply Chain Compromise vulnerability
Supply Chain Compromise vulnerability discovered by Mike Gozdiskowski in WordPress Plugin Image License and Protection versions <= 1.0...
WordPress Action Network plugin <= 1.4.4 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Action Network versions <= 1.4.4...
WordPress Relevanssi Premium plugin <= 2.27.6 - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights vulnerability
Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights vulnerability discovered by Jack Taylor in WordPress Plugin Relevanssi Premium versions <= 2.27.6...
WordPress s2Member - Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin <= 241216 - Reflected Cross-Site Scripting vulnerability
WordPress s2Member - Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin <= 241216 - Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin s2Member versions <= 241216...
WordPress Calculated Fields Form plugin < 5.2.62 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Calculated Fields Form versions < 5.2.62...
WordPress Linear plugin <= 2.7.12 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Linear versions <= 2.7.12...
WordPress Post Grid, Slider & Carousel Ultimate - with Shortcode, Gutenberg Block & Elementor Widget plugin <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler() vulnerability
WordPress Post Grid, Slider & Carousel Ultimate - with Shortcode, Gutenberg Block & Elementor Widget plugin <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler() vulnerability discovered by Hiroho Shimada in WordPress Plugin Post Grid, Slider & Carousel Ultimate...
WordPress ContentStudio plugin <= 1.3.7 - Authenticated (Author+) Arbitrary File Upload vulnerability
Authenticated (Author+) Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin Contentstudio versions <= 1.3.7...
WordPress Small Package Quotes - Worldwide Express Edition plugin <= 5.2.18 - Unauthenticated SQL Injection vulnerability
WordPress Small Package Quotes - Worldwide Express Edition plugin <= 5.2.18 - Unauthenticated SQL Injection vulnerability discovered by Colin Xu in WordPress Plugin Small Package Quotes – Worldwide Express Edition versions <= 5.2.18...
WordPress Gutentor plugin <= 3.4.9 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Gutentor versions <= 3.4.9...
WordPress Advanced Google reCAPTCHA plugin <= 1.29 - Authenticated (Subscriber+) Limited SQL Injection via 'sSearch' Parameter vulnerability
Authenticated (Subscriber+) Limited SQL Injection via 'sSearch' Parameter vulnerability discovered by Muhamad Visat in WordPress Plugin Advanced Google reCAPTCHA versions <= 1.29...
WordPress Image Optimizer by wps.sk plugin <= 1.2.0 - Cross-Site Request Forgery to Bulk Image Optimization vulnerability
Cross-Site Request Forgery to Bulk Image Optimization vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Image Optimizer by wps.sk versions <= 1.2.0...
WordPress SureForms plugin <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Tiến Dũng Nguyễn in WordPress Plugin SureForms versions <= 2.2.0...
WordPress Elementor Pro plugin <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Tonn in WordPress Plugin Elementor Pro versions <= 3.29.0...
WordPress Ultimate Blocks plugin <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Ultimate Blocks versions <= 3.3.3...
WordPress Cost Calculator Builder plugin <= 3.5.32 - Authenticated (Subscriber+) Missing Authorization via get_cc_orders/update_order_status Functions vulnerability
Authenticated (Subscriber+) Missing Authorization via get_cc_orders/update_order_status Functions vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Cost Calculator Builder versions <= 3.5.32...
WordPress WP MultiTasking plugin <= 0.1.12 - Permalink Suffix Update via CSRF vulnerability
Permalink Suffix Update via CSRF vulnerability discovered by Norbert Hofmann in WordPress Plugin WP MultiTasking versions <= 0.1.12...
WordPress Private Google Calendars plugin <= 20250811 - Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability
Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Private Google Calendars versions <= 20250811...
WordPress Widget4call plugin <= 1.0.7 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Widget4Call versions <= 1.0.7...
WordPress RapidLoad plugin <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Limited Setting Reset vulnerability
Missing Authorization to Authenticated (Subscriber+) Limited Setting Reset vulnerability discovered by Tieu Pham Trong Nhan - TechlabCorp in WordPress Plugin RapidLoad versions <= 2.4.4...
WordPress WP Job Portal plugin <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion vulnerability
Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions <= 2.2.6...
WordPress Simple WP Events plugin <= 1.8.17 - Unauthenticated Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion vulnerability discovered by khanhhnahk1 - VNPT Cyber Immunity in WordPress Plugin Simple WP Events versions <= 1.8.17...
WordPress 3DPrint Lite plugin <= 2.1.3.6 - Authenticated (Admin+) SQL Injection via 'material_text' vulnerability
Authenticated (Admin+) SQL Injection via 'material_text' vulnerability discovered by WordFence in WordPress Plugin 3DPrint Lite versions <= 2.1.3.6...
WordPress Ultimate Member plugin <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ultimate Member versions <= 2.11.0...
WordPress Widget for Google Reviews plugin <= 1.0.15 - Authenticated (Subscriber+) Directory Traversal to Local File Inclusion vulnerability
Authenticated (Subscriber+) Directory Traversal to Local File Inclusion vulnerability discovered by mikemyers in WordPress Plugin Widget for Google Reviews versions <= 1.0.15...
WordPress SurveyJS plugin <= 1.12.20 - Cross-Site Request Forgery to Survey Deletion vulnerability
Cross-Site Request Forgery to Survey Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin SurveyJS versions <= 1.12.20...
WordPress Feedify - Web Push Notifications plugin < 2.4.6 - Reflected XSS vulnerability
WordPress Feedify - Web Push Notifications plugin < 2.4.6 - Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Feedify – Web Push Notifications versions < 2.4.6...
WordPress WP MultiTasking plugin <= 0.1.12 - Header/Footer/Body Script Update via CSRF vulnerability
Header/Footer/Body Script Update via CSRF vulnerability discovered by Norbert Hofmann in WordPress Plugin WP MultiTasking versions <= 0.1.12...
WordPress Translate This plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via base_lang Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via base_lang Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Translate This gTranslate Shortcode versions <= 1.0...
WordPress SKT Blocks - Gutenberg based Page Builder plugin <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress SKT Blocks - Gutenberg based Page Builder plugin <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin SKT Blocks versions <= 1.7...
WordPress 3D FlipBook - Lite Edition plugin <= 1.16.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via style and mode Parameters vulnerability
WordPress 3D FlipBook - Lite Edition plugin <= 1.16.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via style and mode Parameters vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery versions <= 1.16.15...
WordPress Ajax Load More plugin < 2.8.1.2 - Subscriber+ File Upload & Deletion vulnerability
Subscriber+ File Upload & Deletion vulnerability discovered by PizzaHatHacker in WordPress Plugin Ajax Load More versions < 2.8.1.2...
Travel Tour < 5.2.4 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Amine SAJID in WordPress Theme Travel Tour versions < 5.2.4...
WordPress Carousel Slider plugin <= 2.2.14 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Carousel Slider versions <= 2.2.14...
WordPress SlingBlocks plugin <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin SlingBlocks versions <= 1.6.0...
WordPress WooCommerce HSS Extension for Streaming Video plugin <= 3.31 - Reflected Cross-Site Scripting via videolink Parameter vulnerability
Reflected Cross-Site Scripting via videolink Parameter vulnerability discovered by vgo0 in WordPress Plugin WooCommerce HSS Extension for Streaming Video versions <= 3.31...
WordPress IRM Newsroom plugin <= 1.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmcalendarview' Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmcalendarview' Shortcode vulnerability discovered by Chuck - None in WordPress Plugin IRM Newsroom versions <= 1.2.19...
WordPress AVIF & SVG Uploader plugin <= 1.1.0 - Author+ Stored XSS via SVG Upload vulnerability
Author+ Stored XSS via SVG Upload vulnerability discovered by Bob Matyas in WordPress Plugin AVIF & SVG Uploader versions <= 1.1.0...
WordPress CYAN Backup plugin < 2.5.3 - Admin+ Stored XSS via Remote Storage Settings vulnerability
Admin+ Stored XSS via Remote Storage Settings vulnerability discovered by Bob Matyas in WordPress Plugin CYAN Backup versions < 2.5.3...
WordPress Genesis Blocks plugin < 3.1.4 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Genesis Blocks versions < 3.1.4...
WordPress Master Slider - Responsive Touch Slider plugin <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode vulnerability
WordPress Master Slider - Responsive Touch Slider plugin <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Master Slider versions <= 3.10.6...
WordPress ZoomSounds - WordPress Wave Audio Player with Playlist plugin <= 6.91 - Unauthenticated PHP Object Injection vulnerability
WordPress ZoomSounds - WordPress Wave Audio Player with Playlist plugin <= 6.91 - Unauthenticated PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Plugin ZoomSounds versions <= 6.91...
WordPress IRM Newsroom plugin <= 1.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmeventlist' Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmeventlist' Shortcode vulnerability discovered by Chuck - None in WordPress Plugin IRM Newsroom versions <= 1.2.19...
WordPress Piotnet Addons For Elementor plugin <= 2.4.36 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Piotnet Addons For Elementor versions <= 2.4.36...
WordPress ProfilePress plugin < 4.15.20 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin ProfilePress versions < 4.15.20...