46662 matches found
WordPress WP Job Portal plugin <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion vulnerability
Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions <= 2.2.6...
WordPress Simple WP Events plugin <= 1.8.17 - Unauthenticated Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion vulnerability discovered by khanhhnahk1 - VNPT Cyber Immunity in WordPress Plugin Simple WP Events versions <= 1.8.17...
WordPress 3DPrint Lite plugin <= 2.1.3.6 - Authenticated (Admin+) SQL Injection via 'material_text' vulnerability
Authenticated (Admin+) SQL Injection via 'material_text' vulnerability discovered by WordFence in WordPress Plugin 3DPrint Lite versions <= 2.1.3.6...
WordPress Ultimate Member plugin <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ultimate Member versions <= 2.11.0...
WordPress Widget for Google Reviews plugin <= 1.0.15 - Authenticated (Subscriber+) Directory Traversal to Local File Inclusion vulnerability
Authenticated (Subscriber+) Directory Traversal to Local File Inclusion vulnerability discovered by mikemyers in WordPress Plugin Widget for Google Reviews versions <= 1.0.15...
WordPress SurveyJS plugin <= 1.12.20 - Cross-Site Request Forgery to Survey Deletion vulnerability
Cross-Site Request Forgery to Survey Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin SurveyJS versions <= 1.12.20...
WordPress Feedify - Web Push Notifications plugin < 2.4.6 - Reflected XSS vulnerability
WordPress Feedify - Web Push Notifications plugin < 2.4.6 - Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Feedify – Web Push Notifications versions < 2.4.6...
WordPress WP MultiTasking plugin <= 0.1.12 - Header/Footer/Body Script Update via CSRF vulnerability
Header/Footer/Body Script Update via CSRF vulnerability discovered by Norbert Hofmann in WordPress Plugin WP MultiTasking versions <= 0.1.12...
WordPress Translate This plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via base_lang Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via base_lang Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Translate This gTranslate Shortcode versions <= 1.0...
WordPress SKT Blocks - Gutenberg based Page Builder plugin <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress SKT Blocks - Gutenberg based Page Builder plugin <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin SKT Blocks versions <= 1.7...
WordPress 3D FlipBook - Lite Edition plugin <= 1.16.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via style and mode Parameters vulnerability
WordPress 3D FlipBook - Lite Edition plugin <= 1.16.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via style and mode Parameters vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery versions <= 1.16.15...
WordPress Ajax Load More plugin < 2.8.1.2 - Subscriber+ File Upload & Deletion vulnerability
Subscriber+ File Upload & Deletion vulnerability discovered by PizzaHatHacker in WordPress Plugin Ajax Load More versions < 2.8.1.2...
Travel Tour < 5.2.4 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Amine SAJID in WordPress Theme Travel Tour versions < 5.2.4...
WordPress Carousel Slider plugin <= 2.2.14 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Carousel Slider versions <= 2.2.14...
WordPress SlingBlocks plugin <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin SlingBlocks versions <= 1.6.0...
WordPress WooCommerce HSS Extension for Streaming Video plugin <= 3.31 - Reflected Cross-Site Scripting via videolink Parameter vulnerability
Reflected Cross-Site Scripting via videolink Parameter vulnerability discovered by vgo0 in WordPress Plugin WooCommerce HSS Extension for Streaming Video versions <= 3.31...
WordPress IRM Newsroom plugin <= 1.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmcalendarview' Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmcalendarview' Shortcode vulnerability discovered by Chuck - None in WordPress Plugin IRM Newsroom versions <= 1.2.19...
WordPress AVIF & SVG Uploader plugin <= 1.1.0 - Author+ Stored XSS via SVG Upload vulnerability
Author+ Stored XSS via SVG Upload vulnerability discovered by Bob Matyas in WordPress Plugin AVIF & SVG Uploader versions <= 1.1.0...
WordPress CYAN Backup plugin < 2.5.3 - Admin+ Stored XSS via Remote Storage Settings vulnerability
Admin+ Stored XSS via Remote Storage Settings vulnerability discovered by Bob Matyas in WordPress Plugin CYAN Backup versions < 2.5.3...
WordPress Genesis Blocks plugin < 3.1.4 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Genesis Blocks versions < 3.1.4...
WordPress Master Slider - Responsive Touch Slider plugin <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode vulnerability
WordPress Master Slider - Responsive Touch Slider plugin <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Master Slider versions <= 3.10.6...
WordPress ZoomSounds - WordPress Wave Audio Player with Playlist plugin <= 6.91 - Unauthenticated PHP Object Injection vulnerability
WordPress ZoomSounds - WordPress Wave Audio Player with Playlist plugin <= 6.91 - Unauthenticated PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Plugin ZoomSounds versions <= 6.91...
WordPress IRM Newsroom plugin <= 1.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmeventlist' Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmeventlist' Shortcode vulnerability discovered by Chuck - None in WordPress Plugin IRM Newsroom versions <= 1.2.19...
WordPress Piotnet Addons For Elementor plugin <= 2.4.36 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Piotnet Addons For Elementor versions <= 2.4.36...
WordPress ProfilePress plugin < 4.15.20 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin ProfilePress versions < 4.15.20...
WordPress JS Archive List plugin <= 6.1.5 - Unauthenticated SQL Injection via build_sql_where Function vulnerability
Unauthenticated SQL Injection via build_sql_where Function vulnerability discovered by mikemyers in WordPress Plugin JS Archive List versions <= 6.1.5...
WordPress ABC Notation plugin <= 6.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin ABC Notation versions <= 6.1.3...
WordPress Ultimate Classified Listings plugin <= 1.6 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated (Contributor+) Local File Inclusion vulnerability discovered by Gilang - DJ in WordPress Plugin Ultimate Classified Listings versions <= 1.6...
WordPress CiyaShop - Multipurpose WooCommerce Theme plugin <= 4.19.0 - Unauthenticated PHP Object Injection vulnerability
WordPress CiyaShop - Multipurpose WooCommerce Theme plugin <= 4.19.0 - Unauthenticated PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Theme CiyaShop versions <= 4.19.0...
WordPress Royal Elementor Addons and Templates plugin <= 1.7.1017 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Royal Elementor Addons versions <= 1.7.1017...
WordPress Bookit plugin < 2.5.1 - Unauthenticated Settings Update vulnerability
Unauthenticated Settings Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin BookIt versions < 2.5.1...
WordPress Booking Calendar and Notification plugin <= 4.0.3 - Missing Authorization via wpcb_all_bookings, wpcb_update_booking_post, and wpcb_delete_posts Functions vulnerability
Missing Authorization via wpcb_all_bookings, wpcb_update_booking_post, and wpcb_delete_posts Functions vulnerability discovered by WordFence in WordPress Plugin Booking Calendar and Notification versions <= 4.0.3...
WordPress Listamester plugin <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Listamester versions <= 2.3.4...
WordPress Qi Blocks plugin < 1.4 - Contributor+ Stored XSS via ToC Block vulnerability
Contributor+ Stored XSS via ToC Block vulnerability discovered by Krugov Artyom in WordPress Plugin Qi Blocks versions < 1.4...
WordPress WP Online Users Stats plugin <= 1.0.0 - Authenticated (Editor+) SQL Injection via table_name Parameter vulnerability
Authenticated (Editor+) SQL Injection via table_name Parameter vulnerability discovered by rajanhoyr in WordPress Plugin WP Online Users Stats versions <= 1.0.0...
WordPress SlingBlocks plugin <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Nishiv - Developer in WordPress Plugin SlingBlocks versions <= 1.5.0...
WordPress Directory Listings WordPress plugin - uListing plugin <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection vulnerability
WordPress Directory Listings WordPress plugin - uListing plugin <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin uListing versions <= 2.2.0...
WordPress Taxi Booking Manager for Woocommerce | E-cab plugin <= 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation via Account Takeover vulnerability
Missing Authorization to Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Taxi Booking Manager for WooCommerce versions <= 1.3.0...
WordPress DiviTorque plugin <= 4.0.5 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin DiviTorque – Divi Theme, Divi Builder and Extra Theme versions <= 4.0.5...
WordPress Omnipress plugin <= 1.6.5 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting vulnerability discovered by Kai Aizen in WordPress Plugin Omnipress versions <= 1.6.5...
WordPress Community Events plugin <= 1.5.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by ifoundbug in WordPress Plugin Community Events versions <= 1.5.1...
WordPress CoSign Single Signon plugin <= 0.3.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin CoSign Single Signon versions <= 0.3.1...
WordPress GiveWP - Donation plugin and Fundraising Platform plugin <= 4.6.0 - Unauthenticated Donor Data Exposure vulnerability
WordPress GiveWP - Donation plugin and Fundraising Platform plugin <= 4.6.0 - Unauthenticated Donor Data Exposure vulnerability discovered by WordFence in WordPress Plugin GiveWP versions <= 4.6.0...
WordPress Five Star Restaurant Reservations plugin <= 2.7.5 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Five Star Restaurant Reservations versions <= 2.7.5...
WordPress Bold Page Builder plugin <= 5.1.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Bold Page Builder versions <= 5.1.2...
WordPress Survey Maker plugin <= 5.1.9.4 - Missing Authorization to Unauthenticated Limited Option Update vulnerability
Missing Authorization to Unauthenticated Limited Option Update vulnerability discovered by DityaRA in WordPress Plugin Survey Maker versions <= 5.1.9.4...
WordPress Lexicata plugin <= 1.0.16 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Lexicata versions <= 1.0.16...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Empty vulnerability
Missing Authorization to Authenticated (Subscriber+) Trash Empty vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions <= 3.3.1...
WordPress Prisna GWT plugin < 1.4.14 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Prisna GWT – Google Website Translator versions < 1.4.14...
WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting vulnerability discovered by WordFence in WordPress Plugin Image Photo Gallery Final Tiles Grid versions <= 3.6.8...