WordPress Shelf Planner plugin <= 2.7.0 - Unauthenticated Information Exposure via Log Files vulnerability
Unauthenticated Information Exposure via Log Files vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Shelf Planner versions <= 2.7.0...
WordPress WP Custom Admin Login Page Logo plugin <= 1.4.8.4 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin WP Custom Admin Login Page Logo versions <= 1.4.8.4...
WordPress CTL Arcade Lite plugin <= 1.0 - Cross-Site Request Forgery to Plugin Activation and Deactivation vulnerability
Cross-Site Request Forgery to Plugin Activation and Deactivation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin CTL Arcade Lite versions <= 1.0...
WordPress Coon Google Maps plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Coon Google Maps versions <= 1.0...
WordPress Astra Security Suite plugin <= 0.2 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin Astra Security Suite versions <= 0.2...
WordPress EasyCommerce plugin <= 1.8.2 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin EasyCommerce versions <= 1.8.2...
WordPress Precise Columns plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Precise Columns versions <= 1.0...
WordPress Jeba Cute forkit plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Jeba Cute forkit versions <= 1.0...
WordPress WP Count Down Timer plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin WP Count Down Timer versions <= 1.0.1...
WordPress Crypto Tool plugin <= 2.22 - Unauthenticated Information Exposure via Global Authentication State vulnerability
Unauthenticated Information Exposure via Global Authentication State vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Crypto versions <= 2.22...
WordPress Crypto Tool plugin <= 2.22 - Missing Authentication to Unauthenticated Limited File Deletion vulnerability
Missing Authentication to Unauthenticated Limited File Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Crypto versions <= 2.22...
WordPress WP-Walla plugin <= 0.5.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin WP-Walla versions <= 0.5.3.5...
WordPress Share to Google Classroom plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via share_to_google Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via share_to_google Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Share to Google Classroom versions <= 1.0...
WordPress Mementor Core plugin <= 2.2.5 - Authenticated (Subscriber+) Privilege Escalation vulnerability
Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by theviper17y in WordPress Plugin Mementor Core versions <= 2.2.5...
WordPress Magazine Companion plugin <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Magazine Companion versions <= 1.2.3...
WordPress My Geo Posts Free plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin My Geo Posts Free versions <= 1.2...
WordPress Ninja Countdown plugin <= 1.5.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Countdown Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Countdown Deletion vulnerability discovered by Ivan Cese in WordPress Plugin Ninja Countdown versions <= 1.5.0...
WordPress Squirrels Auto Inventory plugin <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin Squirrels Auto Inventory versions <= 1.0.3...
WordPress Woocommerce – Products By Custom Tax plugin <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Woocommerce – Products By Custom Tax versions <= 2.2...
WordPress Simple Donate plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Simple Donate versions <= 1.0...
WordPress Holiday class post calendar plugin <= 7.1 - Unauthenticated Remote Code Execution via 'contents' vulnerability
Unauthenticated Remote Code Execution via 'contents' vulnerability discovered by kr0d in WordPress Plugin Holiday class post calendar versions <= 7.1...
WordPress Preload Current Images plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Preload Current Images versions <= 1.3...
WordPress Fleet Manager plugin <= 2.5.1 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability
Authenticated (Editor+) Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin Fleet Manager versions <= 2.5.1...
WordPress Wisly plugin <= 1.0.0 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation vulnerability
Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Wisly versions <= 1.0.0...
WordPress YSlider plugin <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin YSlider versions <= 1.1...
WordPress WP Bootstrap Tabs plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin WP Bootstrap Tabs versions <= 1.0.4...
WordPress Elastic Theme Editor plugin <= 0.0.3 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin Elastic Theme Editor versions <= 0.0.3...
WordPress RandomQuotr plugin <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin RandomQuotr versions <= 1.0.4...
WordPress Eventbee Ticketing Widget plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Eventbee Ticketing Widget versions <= 1.0...
WordPress Paypal Donation Shortcode plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Paypal Donation Shortcode versions <= 0.1...
WordPress Live Photos on WordPress plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Live Photos on WordPress versions <= 0.1...
WordPress WP移行専用プラグイン for CPI plugin <= 1.0.2 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin WP移行専用プラグイン for CPI versions <= 1.0.2...
WordPress Document Pro Elementor – Documentation & Knowledge Base plugin <= 1.0.9 - Unauthenticated Information Exposure vulnerability
Unauthenticated Information Exposure vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Document Pro Elementor versions <= 1.0.9...
WordPress Custom Fields Account Registration For Woocommerce plugin <= 1.2 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Denver Jackson in WordPress Plugin Custom Fields Account Registration For Woocommerce versions <= 1.2...
WordPress Mail Mint plugin <= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload vulnerability
Authenticated (Admin+) Arbitrary File Upload vulnerability discovered by vodanh in WordPress Plugin Mail Mint versions <= 1.18.10...
WordPress Alex Reservations: Smart Restaurant Booking plugin <= 2.2.3 - Authenticated (Admin+) Arbitrary File Upload vulnerability
Authenticated (Admin+) Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin Alex Reservations versions <= 2.2.3...
WordPress Envira Photo Gallery plugin <= 1.11.0 - Missing Authorization to Authenticated (Contributor+) Gallery Conversion vulnerability
Missing Authorization to Authenticated (Contributor+) Gallery Conversion vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Envira Photo Gallery versions <= 1.11.0...
WordPress Quick Featured Images plugin <= 13.7.3 - Authenticated (Editor+) SQL Injection via delete_orphaned vulnerability
Authenticated (Editor+) SQL Injection via delete_orphaned vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Quick Featured Images versions <= 13.7.3...
WordPress CYAN Backup plugin <= 2.5.4 - Authenticated (Admin+) Arbitrary File Deletion vulnerability
Authenticated (Admin+) Arbitrary File Deletion vulnerability discovered by Quy Nguyen in WordPress Plugin CYAN Backup versions <= 2.5.4...
WordPress aThemes Addons for Elementor plugin <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget vulnerability discovered by Abu Hurayra HurayraIIT - WPDeveloper in WordPress Plugin aThemes Addons for Elementor versions <= 1.1.5...
WordPress Saphali LiqPay for donate plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Saphali LiqPay for donate versions <= 1.0.2...
WordPress Academy LMS plugin <= 3.3.8 - Authenticated (Administrator+) PHP Object Injection via 'import_all_courses' vulnerability
Authenticated (Administrator+) PHP Object Injection via 'import_all_courses' vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin Academy LMS versions <= 3.3.8...
WordPress Academy LMS Pro plugin <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script' vulnerability
Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script' vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin Academy LMS Pro versions <= 3.3.8...
WordPress Flexible Refund and Return Order for WooCommerce plugin <= 1.0.42 - Incorrect Authorization to Authenticated (Contributor+) Refund Status Update vulnerability
Incorrect Authorization to Authenticated (Contributor+) Refund Status Update vulnerability discovered by Powpy in WordPress Plugin Flexible Refund and Return Order for WooCommerce versions <= 1.0.42...
WordPress EventPrime plugin <= 4.2.0.0 - Missing Authorization to Authenticated (Subscriber+) Booking Note Creation vulnerability
Missing Authorization to Authenticated (Subscriber+) Booking Note Creation vulnerability discovered by Brian Mungai in WordPress Plugin EventPrime versions <= 4.2.0.0...
WordPress Better Find and Replace plugin <= 1.7.7 - Authenticated (Subscriber+) Limited Code Injection vulnerability
Authenticated (Subscriber+) Limited Code Injection vulnerability discovered by ISMAILSHADOW in WordPress Plugin Better Find and Replace versions <= 1.7.7...
WordPress Stars Testimonials plugin <= 3.3.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Stars Testimonials versions <= 3.3.4...
WordPress Ovatheme Events Manager plugin <= 1.8.6 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Foxyyy in WordPress Plugin Ovatheme Events Manager versions <= 1.8.6...
WordPress TaxoPress plugin <= 3.40.0 - Authenticated (Editor+) SQL Injection vulnerability
Authenticated (Editor+) SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin TaxoPress versions <= 3.40.0...
WordPress Mang Board WP plugin <= 2.3.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Mang Board WP versions <= 2.3.1...