46681 matches found
WordPress Starter Templates by FancyWP plugin <= 2.0.0 - Unauthenticated Blind Server-Side Request Forgery vulnerability
Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Starter Templates by FancyWP versions = 2.0.0...
WordPress CBX Map for Google Map & OpenStreetMap plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin CBX Map for Google Map & OpenStreetMap versions = 2.0.1...
WordPress OceanWP theme <= 3.6.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Theme OceanWP versions = 3.6.0...
WordPress WP Ghost plugin <= 5.4.01 - Unauthenticated Limited File Read vulnerability
Unauthenticated Limited File Read vulnerability discovered by mikemyers in WordPress Plugin Hide My WP Ghost versions = 5.4.01...
WordPress Total Contest Lite plugin < 2.9.0 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin TotalContest Lite versions 2.9.0...
WordPress Easy Image Gallery plugin <= 1.5.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library vulnerability
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Easy Image Gallery versions = 1.5.2...
WordPress Norby AI plugin <= 1.0.3 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Norby AI versions = 1.0.3...
WordPress Ocean Extra plugin <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_id' vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'oceangalleryid' vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ocean Extra versions = 2.4.6...
WordPress XCloner plugin <= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save() vulnerability
Cross-Site Request Forgery in XclonerRemoteStorage:save vulnerability discovered by Rafshanzani Suhada in WordPress Plugin XCloner versions = 4.8.2...
WordPress Jetpack Boost plugin < 3.4.7 - Admin+ SSRF vulnerability
Admin+ SSRF vulnerability discovered by Miguel Xavier Penha Neto in WordPress Plugin Jetpack Boost versions 3.4.7...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.4...
WordPress tagDiv Composer plugin <= 5.3 - Reflected Cross-Site Scripting via 'data' vulnerability
Reflected Cross-Site Scripting via 'data' vulnerability discovered by Truoc Phan - Techlab Corporation in WordPress Plugin tagDiv Composer versions = 5.3...
WordPress Unlimited Elements For Elementor plugin <= 1.5.135 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by Webbernaut in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 1.5.135...
WordPress Responsive Thumbnail Slider plugin < 1.0.1 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Arash Khazaei in WordPress Plugin Thumbnail carousel slider versions 1.0.1...
WordPress Simple Map No Api plugin <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via width Parameter vulnerability discovered by zaim in WordPress Plugin Simple Map No Api versions = 1.9...
WordPress Ninja Forms plugin < 3.10.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Ninja Forms versions 3.10.1...
WordPress WP Front-end login and register plugin <= 2.1.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Yamil in WordPress Plugin WP Front-end login and register versions = 2.1.0...
WordPress Qyrr plugin <= 2.0.7 - Authenticated (Contributor+) Arbitrary File Upload vulnerability
Authenticated Contributor+ Arbitrary File Upload vulnerability discovered by CVEhunter in WordPress Plugin Qyrr versions = 2.0.7...
WordPress Spexo Addons for Elementor plugin <= 1.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by zer0gh0st in WordPress Plugin Sastra Essential Addons for Elementor versions = 1.0.23...
WordPress Jobify theme <= 4.2.7 - Missing Authorization to Unauthenticated Server-Side Request Forgery, Arbitrary Image Upload, and Image Generation vulnerability
Missing Authorization to Unauthenticated Server-Side Request Forgery, Arbitrary Image Upload, and Image Generation vulnerability discovered by Lucio Sá in WordPress Theme Jobify versions = 4.2.7...
WordPress Motors - Car Dealer, Classifieds & Listing plugin <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template Creation vulnerability
WordPress Motors - Car Dealer, Classifieds & Listing plugin = 1.4.57 - Missing Authorization to Authenticated Subscriber+ Arbitrary Post Deletion and Listing Template Creation vulnerability discovered by Thanh Nam Tran in WordPress Plugin Motors versions = 1.4.57...
WordPress Golo theme <= 1.7.0 - Authentication Bypass to Account Takeover vulnerability
Authentication Bypass to Account Takeover vulnerability discovered by Foxyyy in WordPress Theme Golo versions = 1.7.0...
WordPress AI Power: Complete AI Pack plugin <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts vulnerability
Authenticated Admin+ PHP Object Injection via wpaicgexportprompts vulnerability discovered by Tran Anh Duc in WordPress Plugin GPT3 AI Content Writer versions = 1.8.96...
WordPress Ninja Forms plugin < 3.10.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Ninja Forms versions 3.10.1...
WordPress WP Maps plugin < 4.7.2 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Maps versions 4.7.2...
WordPress BM Content Builder plugin <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via ux_cb_page_options_save vulnerability
Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting via uxcbpageoptionssave vulnerability discovered by István Márton - Wordfence in WordPress Plugin BM Content Builder versions = 3.16.2.1...
WordPress RomethemeKit For Elementor plugin <= 1.5.2 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates vulnerability
Authenticated Contributor+ Sensitive Information Exposure via Elementor Templates vulnerability discovered by Ankit Patel in WordPress Plugin RTMKit versions = 1.5.2...
WordPress VK All in One Expansion Unit plugin <= 9.112.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Rafshanzani Suhada in WordPress Plugin VK All in One Expansion Unit versions = 9.112.1...
WordPress Takeads plugin <= 1.0.13 - Missing Authorization to Plugin Settings Deletion vulnerability
Missing Authorization to Plugin Settings Deletion vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Takeads versions = 1.0.13...
WordPress Eyewear prescription form plugin <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary WooCommerce Category Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary WooCommerce Category Deletion vulnerability discovered by WordFence in WordPress Plugin Eyewear prescription form versions = 6.0.1...
WordPress Feedback Modal for Website plugin <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Feedback Data Exfiltration via 'export_data' Parameter vulnerability
Missing Authorization to Unauthenticated Arbitrary Feedback Data Exfiltration via 'exportdata' Parameter vulnerability discovered by Legion Hunter in WordPress Plugin Feedback Modal for Website versions = 1.0.1...
WordPress SSP Debug plugin <= 1.0.0 - Unauthenticated Sensitive Information Exposure vulnerability
Unauthenticated Sensitive Information Exposure vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin SSP Debug versions = 1.0.0...
WordPress Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Cookie Notice & Compliance for GDPR / CCPA versions = 2.5.8...
WordPress Music Sheet Viewer plugin <= 4.1 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by Peter Thaleikis in WordPress Plugin Music Sheet Viewer versions = 4.1...
WordPress Kona Gallery Block plugin <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Nishiv - Developer in WordPress Plugin Kona Gallery Block versions = 1.7...
WordPress Team Rosters plugin <= 4.7 - Reflected Cross-Site Scripting via 'tab' vulnerability
Reflected Cross-Site Scripting via 'tab' vulnerability discovered by vgo0 in WordPress Plugin Team Rosters versions = 4.7...
WordPress Crelly Slider plugin < 1.4.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Crelly Slider versions 1.4.7...
WordPress 3DPrint Lite plugin <= 2.1.3.6 - Authenticated (Admin+) SQL Injection via 'coating_text' vulnerability
Authenticated Admin+ SQL Injection via 'coatingtext' vulnerability discovered by WordFence in WordPress Plugin 3DPrint Lite versions = 2.1.3.6...
WordPress Booking Calendar plugin <= 10.14.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingcalendar Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via bookingcalendar Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Booking Calendar versions = 10.14.6...
WordPress Simple User Registration plugin <= 6.3 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Chuck - None in WordPress Plugin Simple User Registration versions = 6.3...
WordPress Service Finder Bookings plugin < 6.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover vulnerability
Authenticated Subscriber+ Privilege Escalation via Account Takeover vulnerability discovered by Thái An in WordPress Plugin Service Finder Booking versions 6.1...
WordPress BuddyBoss Platform plugin <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bbp_topic_title' vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via 'bbptopictitle' vulnerability discovered by Kaique Peres in WordPress Plugin Buddyboss Platform versions = 2.8.50...
WordPress Dynamic AJAX Product Filters for WooCommerce plugin <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via className Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Dynamic AJAX Product Filters for WooCommerce versions = 1.3.7...
WordPress Email Subscribers plugin < 5.7.45 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Email Subscribers & Newsletters versions 5.7.45...
WordPress Binary MLM Plan plugin <= 3.0 - Unauthenticated Limited Privilege Escalation vulnerability
Unauthenticated Limited Privilege Escalation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Binary MLM Plan versions = 3.0...
WordPress Accessiy By CodeConfig Accessibility plugin <= 1.0.2 - Authenticated (Subscriber+) Missing Authorization to Modify Accessibility Settings vulnerability
Authenticated Subscriber+ Missing Authorization to Modify Accessibility Settings vulnerability discovered by Peerapat Samatathanyakorn - Thai Team CVE in WordPress Plugin CodeConfig Accessibility versions = 1.0.2...
WordPress Ultimate Dashboard plugin < 3.8.6 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Ultimate Dashboard versions 3.8.6...
WordPress Twitter Bootstrap Collapse aka Accordian Shortcode plugin <= 1.0 - Stored XSS via Shortcode vulnerability
Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Twitter Bootstrap Collapse aka Accordian Shortcode versions = 1.0...
WordPress School Management System plugin <= 93.2.0 - Authenticated (Student+) Arbitrary File Upload vulnerability
Authenticated Student+ Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin School Management versions = 93.2.0...
WordPress Likes and Dislikes Plugin plugin <= 1.0.0 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Likes and Dislikes versions = 1.0.0...