45948 matches found
WordPress Add Custom Codes plugin <= 4.80 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Certus Cybersecurity in WordPress Plugin Add Custom Codes versions = 4.80...
WordPress SMS Alert Order Notifications plugin <= 3.8.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin SMS Alert Order Notifications versions = 3.8.8...
WordPress Tablesome plugin <= 1.1.34 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Certus Cybersecurity in WordPress Plugin Tablesome versions = 1.1.34...
WordPress Formstack Online Forms plugin <= 2.0.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Formstack Online Forms versions = 2.0.2...
WordPress Constant Contact + WooCommerce plugin <= 2.4.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Constant Contact + WooCommerce versions = 2.4.1...
WordPress Master Addons for Elementor plugin <= 2.0.9.9.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin Master Addons for Elementor versions = 2.0.9.9.4...
WordPress Custom Layouts – Post + Product grids made easy plugin <= 1.4.12 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Custom Layouts – Post + Product grids made easy versions = 1.4.12...
WordPress Envo Extra plugin <= 1.9.11 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin Envo Extra versions = 1.9.11...
WordPress Thank You Page Customizer for WooCommerce plugin <= 1.1.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Thank You Page Customizer for WooCommerce versions = 1.1.8...
WordPress Nouri.sh Newsletter plugin <= 1.0.1.3 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Nouri.sh Newsletter versions = 1.0.1.3...
WordPress Jabbernotification plugin <= 0.99-RC2 - Reflected Cross-Site Scripting via admin.php PATH_INFO vulnerability
Reflected Cross-Site Scripting via admin.php PATHINFO vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Jabbernotification versions = 0.99-RC2...
WordPress Time Sheets plugin <= 2.1.3 - Use of Known Vulnerable Component vulnerability
Use of Known Vulnerable Component vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Time Sheets versions = 2.1.3...
WordPress Twitscription plugin <= 0.1.1 - Reflected Cross-Site Scripting via admin.php PATH_INFO vulnerability
Reflected Cross-Site Scripting via admin.php PATHINFO vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Twitscription versions = 0.1.1...
WordPress dream gallery plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action vulnerability discovered by dayea song - Ahnlab in WordPress Plugin dream gallery versions = 1.0...
WordPress WP-SOS-Donate Donation Sidebar Plugin plugin <= 0.9.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin WP-SOS-Donate versions = 0.9.2...
WordPress My auctions allegro plugin <= 3.6.32 - Unauthenticated Local File Inclusion via controller vulnerability
Unauthenticated Local File Inclusion via controller vulnerability discovered by type5afe in WordPress Plugin My auctions allegro versions = 3.6.32...
WordPress My auctions allegro plugin <= 3.6.32 - Unauthenticated SQL Injection via auction_id vulnerability
Unauthenticated SQL Injection via auctionid vulnerability discovered by type5afe in WordPress Plugin My auctions allegro versions = 3.6.32...
WordPress User Verification plugin <= 2.0.44 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by luckybuddy in WordPress Plugin User Verification versions = 2.0.44...
WordPress MultiParcels Shipping For WooCommerce plugin <= 1.30.12 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin MultiParcels Shipping For WooCommerce versions = 1.30.12...
WordPress Wp Social Login and Register Social Counter plugin <= 3.1.3 - Missing Authorization in Cache REST Endpoints to Social Counter Tampering vulnerability
Missing Authorization in Cache REST Endpoints to Social Counter Tampering vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Wp Social versions = 3.1.3...
WordPress User Generator and Importer plugin <= 1.2.2 - Cross-Site Request Forgery to Privilege Escalation via Arbitrary Administrator Account Creation vulnerability
Cross-Site Request Forgery to Privilege Escalation via Arbitrary Administrator Account Creation vulnerability discovered by Ivan Cese in WordPress Plugin User Generator and Importer versions = 1.2.2...
WordPress Projectopia – WordPress Project Management plugin <= 5.1.19 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Projectopia versions = 5.1.19...
WordPress CryptX plugin <= 4.0.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin CryptX versions = 4.0.5...
WordPress Trail Manager plugin <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by ChamlaVic in WordPress Plugin Trail Manager versions = 1.0.0...
WordPress ARK Related Posts plugin <= 2.19 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin ARK Related Posts versions = 2.19...
WordPress Thai Lottery Widget plugin <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Peerapat Samatathanyakorn in WordPress Plugin Thai Lottery Widget versions = 2.5...
WordPress WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion vulnerability
Cross-Site Request Forgery to Vendor Product Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin WC Vendors Marketplace versions = 2.6.4...
WordPress Weekly Planner plugin <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin Weekly Planner versions = 1.0...
WordPress Live CSS Preview plugin <= 2.1.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Live CSS Preview versions = 2.1.4...
WordPress Voidek Employee Portal plugin <= 1.0.6 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Voidek Employee Portal versions = 1.0.6...
WordPress Payaza plugin <= 0.3.8 - Missing Authorization to Unauthenticated Order Status Update vulnerability
Missing Authorization to Unauthenticated Order Status Update vulnerability discovered by Legion Hunter in WordPress Plugin Payaza versions = 0.3.8...
WordPress Torod plugin <= 1.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Torod versions = 1.9...
WordPress Time Sheets plugin <= 2.1.3 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin Time Sheets versions = 2.1.3...
WordPress FitVids for WordPress plugin <= 4.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin FitVids for WordPress versions = 4.0.1...
WordPress Image Cleanup plugin <= 1.9.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin Image Cleanup versions = 1.9.2...
WordPress AdForest theme <= 6.0.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme AdForest versions = 6.0.11...
WordPress Image Cleanup plugin <= 1.9.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Image Cleanup versions = 1.9.2...
WordPress User Spam Remover plugin <= 1.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin User Spam Remover versions = 1.1...
WordPress SMTP Mail plugin <= 1.3.51 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin SMTP Mail versions = 1.3.51...
WordPress Media Library Downloader plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Media Library Downloader versions = 1.4.0...
WordPress Custom Sidebars by ProteusThemes plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Custom Sidebars by ProteusThemes versions = 1.0.3...
WordPress WP Google Analytics Events plugin <= 2.8.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Legion Hunter in WordPress Plugin WP Google Analytics Events versions = 2.8.2...
WordPress Happy Addons for Elementor plugin <= 3.20.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mdr in WordPress Plugin Happy Addons for Elementor versions = 3.20.3...
WordPress WP ERP plugin <= 1.16.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP ERP versions = 1.16.7...
WordPress PostGallery plugin <= 1.12.5 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin PostGallery versions = 1.12.5...
WordPress Premium Addons for Elementor plugin <= 4.11.53 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Mdr in WordPress Plugin Premium Addons for Elementor versions = 4.11.53...
WordPress Hype plugin <= 1.0.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ohmymex in WordPress Plugin Hype versions = 1.0.5...
WordPress WpEvently plugin <= 5.0.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WpEvently versions = 5.0.4...
WordPress Clik stats plugin <= 0.8 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Clikstats versions = 0.8...
WordPress WPForms Google Sheet Connector plugin <= 4.0.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WPForms Google Sheet Connector versions = 4.0.0...