46662 matches found
WordPress JetFormBuilder plugin <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation vulnerability
Missing Authorization to Unauthenticated Form Generation vulnerability discovered by Tri Firdyanto Firdy - ZeroByte in WordPress Plugin JetFormBuilder versions <= 3.5.3...
WordPress Tainacan plugin <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Metadata Section Creation vulnerability
Missing Authorization to Unauthenticated Arbitrary Metadata Section Creation vulnerability discovered by Deadbee - NA in WordPress Plugin Tainacan versions <= 1.0.1...
WordPress Post Saint plugin <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by Lucio Sá in WordPress Plugin Post Saint versions <= 1.3.1...
WordPress WordPress Webinar Plugin - WebinarPress plugin <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Webinar Updates vulnerability
WordPress WordPress Webinar Plugin - WebinarPress plugin <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Webinar Updates vulnerability discovered by Lucio Sá in WordPress Plugin WebinarPress versions <= 1.33.24...
WordPress Structured Content (JSON-LD) #wpsc plugin <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode vulnerability discovered by shaman0x01 - Shaman Red Team in WordPress Plugin Structured Content versions <= 1.6.3...
WordPress IDonate - Blood Donation, Request And Donor Management System plugin <= 2.1.15 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability
WordPress IDonate - Blood Donation, Request And Donor Management System plugin <= 2.1.15 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability discovered by Varakorn Chanthasri iCreaM in WordPress Plugin IDonate versions <= 2.1.14...
WordPress TableOn plugin <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tableon_popup_iframe_button Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via tableon_popup_iframe_button Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin TableOn versions <= 1.0.4.1...
WordPress TaxoPress plugin <= 3.40.1 - Authenticated (Contributor+) SQL Injection via ORDER BY Clause vulnerability
Authenticated (Contributor+) SQL Injection via ORDER BY Clause vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin TaxoPress versions <= 3.40.1...
WordPress eRoom - Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin <= 1.5.6 - Unauthenticated Sensitive Information Exposure vulnerability
WordPress eRoom - Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin <= 1.5.6 - Unauthenticated Sensitive Information Exposure vulnerability discovered by Rafshanzani Suhada in WordPress Plugin eRoom versions <= 1.5.6...
WordPress MultiVendorX plugin <= 4.2.22 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Post Deletion vulnerability
Incorrect Authorization to Authenticated (Contributor+) Arbitrary Post Deletion vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin MultiVendorX versions <= 4.2.22...
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion vulnerability
Unauthenticated PHP Object Injection to Arbitrary File Deletion vulnerability discovered by mikemyers in WordPress Plugin Contact Form Entries versions <= 1.4.3...
WordPress Bread & Butter plugin <= 7.11.1374 - Cross-Site Request Forgery to Arbitrary File Upload vulnerability
Cross-Site Request Forgery to Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin Bread & Butter versions <= 7.11.1374...
WordPress Web to SugarCRM Lead plugin <= 1.0.0 - Cross-Site Request Forgery to Custom Field Deletion vulnerability
Cross-Site Request Forgery to Custom Field Deletion vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Web to SugarCRM Lead versions <= 1.0.0...
WordPress Pixter Right Click Protect Images for WordPress plugin <= 1.2 - Supply Chain Compromise vulnerability
Supply Chain Compromise vulnerability discovered by Mike Gozdiskowski in WordPress Plugin Pixter Right Click Protect Images for WordPress versions <= 1.2...
WordPress YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.7 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin YouTube Embed, Playlist and Popup by WpDevArt versions <= 2.6.7...
WordPress Easy Jump Links Menus plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin Easy Jump Links Menus versions <= 1.0.0...
WordPress WP VR plugin <= 8.5.32 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin WP VR versions <= 8.5.32...
WordPress Dyn Business Panel plugin <= 1.0.0 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin Dyn Business Panel versions <= 1.0.0...
WordPress WPvivid Backup & Migration plugin <= 0.9.120 - Authenticated (Admin+) Arbitrary Directory Creation vulnerability
Authenticated (Admin+) Arbitrary Directory Creation vulnerability discovered by blue0x1 in WordPress Plugin WPvivid Backup and Migration versions <= 0.9.120...
WordPress Compare Products for WooCommerce plugin <= 3.2.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Compare Products for WooCommerce versions <= 3.2.1...
WordPress Modula Image Gallery plugin <= 2.13.3 - Missing Authorization to Arbitrary Directory Listing vulnerability
Missing Authorization to Arbitrary Directory Listing vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Modula Image Gallery versions <= 2.13.3...
WordPress Email Subscribers plugin < 5.7.45 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Email Subscribers & Newsletters versions < 5.7.45...
WordPress Markup Markdown plugin < 3.20.10 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Markup Markdown versions < 3.20.10...
WordPress Product Import Export for WooCommerce plugin <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function vulnerability
Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function vulnerability discovered by HayMiz in WordPress Plugin Product Import Export for WooCommerce versions <= 2.5.0...
WordPress Pearl plugin <= 1.3.8 - Cross-Site Request Forgery to Header Deletion vulnerability
Cross-Site Request Forgery to Header Deletion vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin Pearl versions <= 1.3.8...
WordPress CRM Memberships plugin <= 2.5 - Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint vulnerability
Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CRM Memberships versions <= 2.5...
WordPress Auto Thumbnailer plugin <= 1.0 - Authenticated (Contributor+) Arbitrary File Upload vulnerability
Authenticated (Contributor+) Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin Auto Thumbnailer versions <= 1.0...
WordPress Frontend Post Submission Manager Lite plugin <= 1.2.5 - Missing Authorization to Unauthenticated Arbitrary Post Modification vulnerability
Missing Authorization to Unauthenticated Arbitrary Post Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Frontend Post Submission Manager Lite versions <= 1.2.5...
WordPress Happy Addons for Elementor plugin <= 3.12.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Happy Addons for Elementor versions <= 3.12.2...
WordPress Responsive Lightbox & Gallery plugin <= 2.4.7 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Responsive Lightbox versions <= 2.4.7...
WordPress Premium Addons for Elementor plugin <= 4.11.53 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'get_template_content' vulnerability
Missing Authorization to Unauthenticated Sensitive Information Exposure via 'get_template_content' vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Premium Addons for Elementor versions <= 4.11.53...
WordPress Image Magnify plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Image Magnify versions <= 1.1...
WordPress Marketplace Items plugin <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marketplace' Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'marketplace' Shortcode vulnerability discovered by zakaria in WordPress Plugin Marketplace Items versions <= 1.5.5...
WordPress Zigaform plugin <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Zigaform versions <= 7.4.7...
WordPress Starter Templates by FancyWP plugin <= 2.0.0 - Unauthenticated Blind Server-Side Request Forgery vulnerability
Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Starter Templates by FancyWP versions <= 2.0.0...
WordPress CBX Map for Google Map & OpenStreetMap plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin CBX Map for Google Map & OpenStreetMap versions <= 2.0.1...
WordPress OceanWP theme <= 3.6.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Theme OceanWP versions <= 3.6.0...
WordPress WP Ghost plugin <= 5.4.01 - Unauthenticated Limited File Read vulnerability
Unauthenticated Limited File Read vulnerability discovered by mikemyers in WordPress Plugin Hide My WP Ghost versions <= 5.4.01...
WordPress Total Contest Lite plugin < 2.9.0 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin TotalContest Lite versions < 2.9.0...
WordPress Easy Image Gallery plugin <= 1.5.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Easy Image Gallery versions <= 1.5.2...
WordPress Norby AI plugin <= 1.0.3 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Norby AI versions <= 1.0.3...
WordPress Ocean Extra plugin <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_id' vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_id' vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ocean Extra versions <= 2.4.6...
WordPress XCloner plugin <= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save() vulnerability
Cross-Site Request Forgery in Xcloner_Remote_Storage:save() vulnerability discovered by Rafshanzani Suhada in WordPress Plugin XCloner versions <= 4.8.2...
WordPress Jetpack Boost plugin < 3.4.7 - Admin+ SSRF vulnerability
Admin+ SSRF vulnerability discovered by Miguel Xavier Penha Neto in WordPress Plugin Jetpack Boost versions < 3.4.7...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions <= 3.3.4...
WordPress tagDiv Composer plugin <= 5.3 - Reflected Cross-Site Scripting via 'data' vulnerability
Reflected Cross-Site Scripting via 'data' vulnerability discovered by Truoc Phan - Techlab Corporation in WordPress Plugin tagDiv Composer versions <= 5.3...
WordPress Unlimited Elements For Elementor plugin <= 1.5.135 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by Webbernaut in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions <= 1.5.135...
WordPress Responsive Thumbnail Slider plugin < 1.0.1 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by Arash Khazaei in WordPress Plugin Thumbnail carousel slider versions < 1.0.1...
WordPress Simple Map No Api plugin <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability discovered by zaim in WordPress Plugin Simple Map No Api versions <= 1.9...
WordPress Ninja Forms plugin < 3.10.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Ninja Forms versions < 3.10.1...