46681 matches found
WordPress Featured Image from URL (FIFU) plugin <= 5.2.7 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated Admin+ SQL Injection vulnerability discovered by ifoundbug in WordPress Plugin Featured Image from URL versions = 5.2.7...
WordPress Ketchup Shortcodes plugin <= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Ketchup Shortcodes versions = 0.1.2...
WordPress EKC Tournament Manager plugin < 2.2.2 - Delete Tournaments via CSRF vulnerability
Delete Tournaments via CSRF vulnerability discovered by Vuln Seeker Cybersecurity Team in WordPress Plugin EKC Tournament Manager versions 2.2.2...
WordPress Redirection for Contact Form 7 plugin <= 3.2.7 - Unauthenticated Arbitrary File Copy via move_file_to_upload vulnerability
Unauthenticated Arbitrary File Copy via movefiletoupload vulnerability discovered by LionTree in WordPress Plugin Redirection for Contact Form 7 versions = 3.2.7...
WordPress WP Customer Area plugin < 8.2.5 - Bulk Delete via CSRF vulnerability
Bulk Delete via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Customer Area versions 8.2.5...
WordPress Essential WP Real Estate plugin <= 1.1.3 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Essential WP Real Estate versions = 1.1.3...
WordPress Front End Users plugin <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via forgot-password Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via forgot-password Shortcode vulnerability discovered by zaim in WordPress Plugin Front End Users versions = 3.2.30...
WordPress Cool Tag Cloud plugin <= 2.29 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Cool Tag Cloud versions = 2.29...
WordPress Magic Buttons for Elementor plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via magic-button Shortcode vulnerability discovered by Gilang - DJ in WordPress Plugin Magic Buttons for Elementor versions = 1.0...
WordPress WPGYM plugin < 67.8.0 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WPGYM versions 67.8.0...
WordPress WP Database Backup plugin < 5.2 - Unauthenticated OS Command Injection vulnerability
Unauthenticated OS Command Injection vulnerability discovered by WordFence in WordPress Plugin WP Database Backup versions 5.2...
WordPress Eventin plugin <= 4.0.26 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by mikemyers in WordPress Plugin Eventin versions = 4.0.26...
WordPress GDPR Cookie Compliance plugin < 4.15.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.7...
WordPress Digihood HTML Sitemap plugin <= 3.1.1 - Reflected Cross-Site Scripting via 'channel' vulnerability
Reflected Cross-Site Scripting via 'channel' vulnerability discovered by vgo0 in WordPress Plugin Digihood HTML Sitemap versions = 3.1.1...
WordPress Profiler - What Slowing Down Your WP plugin <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration vulnerability
WordPress Profiler - What Slowing Down Your WP plugin = 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration vulnerability discovered by ch4r0n - FPT Software in WordPress Plugin Profiler - What Slowing Down Your WP versions = 1.0.0...
WordPress GDPR Cookie Compliance plugin < 4.15.9 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.9...
WordPress GDPR Cookie Compliance plugin <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin GDPR Cookie Compliance versions = 4.15.6...
WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wishlist Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Wishlist Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Premmerce Wishlist for WooCommerce versions = 1.1.10...
WordPress Service Finder Bookings plugin <= 6.0 - Authenticated (Subscriber+) Privilege Escalation via change_candidate_password vulnerability
Authenticated Subscriber+ Privilege Escalation via changecandidatepassword vulnerability discovered by Foxyyy in WordPress Plugin Service Finder Booking versions = 6.0...
WordPress RESTful Content Syndication plugin 1.1.0 - 1.5.0 - Authenticated (Author+) Arbitrary File Upload vulnerability
WordPress RESTful Content Syndication plugin 1.1.0 - 1.5.0 - Authenticated Author+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin RESTful Content Syndication versions 1.1.0-1.5.0...
WordPress g-FFL Cockpit plugin <= 1.7.1 - Missing Authorization to Unauthenticated Information Exposure vulnerability
Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by Ryan Kozak in WordPress Plugin g-FFL Cockpit versions = 1.7.1...
WordPress Elementor plugin <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Tonn in WordPress Plugin Elementor Website Builder versions = 3.29.0...
WordPress Divi theme <= 4.27.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Theme Divi versions = 4.27.1...
WordPress ProfileGrid plugin <= 5.9.4.4 - Missing Authorinzation to Authenticated (Subscriber+) Join Group Requests Management vulnerability
Missing Authorinzation to Authenticated Subscriber+ Join Group Requests Management vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ProfileGrid versions = 5.9.4.4...
WordPress Essential Addons for Elementor plugin <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Event Calendar Widget vulnerability
AuthenticatedContributor+ Stored Cross-Site Scripting via Event Calendar Widget vulnerability discovered by zer0gh0st in WordPress Plugin Essential Addons for Elementor versions = 6.1.12...
WordPress Unilevel MLM Plan plugin <= 1.1.0 - Reflected Cross-Site Scripting via 'page' vulnerability
Reflected Cross-Site Scripting via 'page' vulnerability discovered by vgo0 in WordPress Plugin Unilevel MLM Plan versions = 1.1.0...
WordPress Maps for WP plugin <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Maps for WP versions = 1.2.4...
WordPress Form Builder CP plugin <= 1.2.41 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated Contributor+ SQL Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin Form Builder CP versions = 1.2.41...
WordPress WP - Bulk SMS - by SMS.to plugin <= 1.0.12 - Reflected Cross-Site Scripting vulnerability
WordPress WP - Bulk SMS - by SMS.to plugin = 1.0.12 - Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin WP – Bulk SMS versions = 1.0.12...
WordPress WordPress Simple PayPal Shopping Cart plugin <= 5.1.3 - Insecure Direct Object Reference via 'quantity' vulnerability
Insecure Direct Object Reference via 'quantity' vulnerability discovered by Jack Taylor in WordPress Plugin Simple Shopping Cart versions = 5.1.3...
WordPress WordPress Auction plugin <= 3.7 - Editor+ SQL Injection vulnerability
Editor+ SQL Injection vulnerability discovered by Thanh Kieu in WordPress Plugin WordPress Auction Plugin versions = 3.7...
WordPress Premium Age Verification / Restriction for WordPress plugin <= 3.0.2 - Unauthenticated Arbitrary File Read and Write via remote_tunnel.php vulnerability
Unauthenticated Arbitrary File Read and Write via remotetunnel.php vulnerability discovered by ch4r0n - FPT Software in WordPress Plugin Premium Age Verification / Restriction for WordPress versions = 3.0.2...
WordPress BuddyBoss Platform plugin <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bp_nouveau_ajax_media_save' function vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via 'bpnouveauajaxmediasave' function vulnerability discovered by Kaique Peres in WordPress Plugin Buddyboss Platform versions = 2.8.50...
WordPress Beaver Builder Plugin (Starter Version) plugin <= 2.9.1 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by Tom Broucke - Otomaties in WordPress Plugin Beaver Builder Plugin Starter Version versions = 2.9.1...
WordPress Raptive Ads plugin <= 3.6.3 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Parasimpaticki in WordPress Plugin Raptive Ads versions = 3.6.3...
WordPress Link Whisper Free plugin <= 0.8.8 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin Link Whisper Free versions = 0.8.8...
WordPress Top Comments plugin <= 1.0 - Admin+ Stored Cross-Site Scripting vulnerability
Admin+ Stored Cross-Site Scripting vulnerability discovered by Steven Pereira aka Cursed, Anjali Kumari aka HexJello & Muktanand Kale aka Muktimantras in WordPress Plugin Top Comments versions = 1.0...
WordPress BlossomThemes Social Feed plugin <= 2.0.5 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin BlossomThemes Social Feed versions = 2.0.5...
WordPress LA-Studio Element Kit for Elementor plugin <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Table of Contents Widget vulnerability discovered by Webbernaut in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.4.9...
WordPress Bold Page Builder plugin <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-text' Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'data-text' Parameter vulnerability discovered by Webbernaut in WordPress Plugin Bold Page Builder versions = 5.3.5...
WordPress MelaPress Login Security Premium plugin 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary User Deletion vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin MelaPress Login Security Premium versions 2.1.0...
WordPress Essential Addons for Elementor plugin <= 6.0.4 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions = 6.0.4...
WordPress Pure WC Variation Swatches plugin <= 1.1.7 - Unauthenticated Settings Update vulnerability
Unauthenticated Settings Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Pure WC Variation Swatches versions = 1.1.7...
WordPress Arielbrailovsky-Viralad plugin <= 1.0.8 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by siyuan shao in WordPress Plugin ArielBrailovsky-ViralAd versions = 1.0.8...
WordPress Activity Plus Reloaded for BuddyPress plugin <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery vulnerability
Authenticated Subscriber+ Blind Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Activity Plus Reloaded for BuddyPress versions = 1.1.1...
WordPress WP Church Donation plugin <= 1.7 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin WP Church Donation versions = 1.7...
WordPress Premium Addons for Elementor plugin <= 4.11.53 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'get_template_content' vulnerability
Missing Authorization to Unauthenticated Sensitive Information Exposure via 'gettemplatecontent' vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Premium Addons for Elementor versions = 4.11.53...
WordPress Easy Digital Downloads plugin <= 3.6.2 - Unvalidated Redirect in Password Reset Flow via edd_redirect vulnerability
Unvalidated Redirect in Password Reset Flow via eddredirect vulnerability discovered by shark3y in WordPress Plugin Easy Digital Downloads versions = 3.6.2...
WordPress WP-CalDav2ICS plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin WP-CalDav2ICS versions = 1.3.4...
WordPress MAS Videos plugin <= 1.3.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin MAS Videos versions = 1.3.4...