46684 matches found
WordPress Magical Posts Display plugin <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget vulnerability
Authenticated Author+ Stored Cross-Site Scripting via Magical Posts Accordion Widget vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Magical Posts Display versions = 1.2.54...
WordPress Simple Bike Rental plugin <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Booking Data Exposure vulnerability
Missing Authorization to Authenticated Subscriber+ Sensitive Booking Data Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Simple Bike Rental versions = 1.0.6...
WordPress Events Manager – Calendar, Bookings, Tickets, and more! plugin <= 7.2.2.2 - Cross-Site Request Forgery to Location Deletion vulnerability
Cross-Site Request Forgery to Location Deletion vulnerability discovered by thinnawarth mathuros in WordPress Plugin Events Manager versions = 7.2.2.2...
WordPress Events Manager plugin <= 7.2.2.2 - Unauthenticated Information Exposure vulnerability
Unauthenticated Information Exposure vulnerability discovered by thinnawarth mathuros in WordPress Plugin Events Manager versions = 7.2.2.2...
WordPress AI Feeds plugin <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aife_post_meta' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'aifepostmeta' Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin AI Feeds versions = 1.0.22...
WordPress Secure Copy Content Protection and Content Locking plugin <= 4.9.2 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File vulnerability
Unauthenticated Sensitive Information Exposure via Exposed CSV Export File vulnerability discovered by Deadbee - NA in WordPress Plugin Secure Copy Content Protection and Content Locking versions = 4.9.2...
WordPress Secure Copy Content Protection and Content Locking plugin <= 4.9.2 - Cross-Site Request Forgery to Data Export vulnerability
Cross-Site Request Forgery to Data Export vulnerability discovered by Deadbee - NA in WordPress Plugin Secure Copy Content Protection and Content Locking versions = 4.9.2...
WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - Missing Authentication to Unauthenticated Action Scheduler Task Execution vulnerability
Missing Authentication to Unauthenticated Action Scheduler Task Execution vulnerability discovered by Adrian Lukita in WordPress Plugin Email Subscribers & Newsletters versions = 5.9.10...
WordPress PDF for Contact Form 7 + Drag and Drop Template Builder plugin <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Post Duplication vulnerability discovered by Legion Hunter in WordPress Plugin PDF for Contact Form 7 versions = 6.3.3...
WordPress MailerLite – Signup forms (official) plugin <= 1.7.16 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by NosleeP++ in WordPress Plugin MailerLite versions = 1.7.16...
WordPress WP Recipe Maker plugin <= 10.2.2 - Insecure Direct Object Reference to Sensitive Information Exposure vulnerability
Insecure Direct Object Reference to Sensitive Information Exposure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WP Recipe Maker versions = 10.2.2...
WordPress WP Fastest Cache Premium plugin <= 1.7.4 - Missing Authorization to Authenticated (Subscriber+) Blind Server-Side Request Forgery vulnerability
Missing Authorization to Authenticated Subscriber+ Blind Server-Side Request Forgery vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WP Fastest Cache Premium versions = 1.7.4...
WordPress BSK PDF Manager plugin <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by rajanhoyr in WordPress Plugin BSK PDF Manager versions = 3.7.1...
WordPress Mailgun Subscriptions plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Mailgun Subscriptions versions = 1.3.1...
WordPress Guest Support plugin <= 1.2.3 - Unauthenticated User Email Disclosure in guest_support_handler AJAX Endpoint vulnerability
Unauthenticated User Email Disclosure in guestsupporthandler AJAX Endpoint vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Guest Support versions = 1.2.3...
WordPress Hippoo Mobile App for WooCommerce plugin <= 1.7.1 - Missing Authorization to Unauthenticated Limited File Write vulnerability
Missing Authorization to Unauthenticated Limited File Write vulnerability discovered by NumeX in WordPress Plugin Hippoo Mobile App for WooCommerce versions = 1.7.1...
WordPress Ultra Addons for Contact Form 7 plugin <= 3.5.33 - Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDF vulnerability
Missing Authorization to Authenticated Subscriber+ to Generate Form Submission PDF vulnerability discovered by shark3y in WordPress Plugin Ultimate Addons for Contact Form 7 versions = 3.5.33...
WordPress Donation plugin <= 1.0 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated Admin+ SQL Injection vulnerability discovered by Yousof Nahya in WordPress Plugin Donation versions = 1.0...
WordPress Contact Form 7 with ChatWork plugin <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'api_token' and 'roomid' Settings vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'apitoken' and 'roomid' Settings vulnerability discovered by Yahya Oumani cyb3rnoob in WordPress Plugin Contact Form 7 with ChatWork versions = 1.1.0...
WordPress Resource Library for Logged In Users plugin <= 1.4 - Cross-Site Request Forgery to Multiple Administrative Actions vulnerability
Cross-Site Request Forgery to Multiple Administrative Actions vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Resource Library for Logged In Users versions = 1.4...
WordPress WP Dropzone plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'callback' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'callback' Shortcode Attribute vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin WP Dropzone versions = 1.1.1...
WordPress Wpik WordPress Basic Ajax Form plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Wpik WordPress Basic Ajax Form versions = 1.0...
WordPress Rabbit Hole plugin <= 1.1 - Cross-Site Request Forgery to Settings Reset vulnerability
Cross-Site Request Forgery to Settings Reset vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Rabbit Hole versions = 1.1...
WordPress Simple Theme Changer plugin <= 1.0. - Missing Authorization to Plugin Settings Update via AJAX Actions vulnerability
Missing Authorization to Plugin Settings Update via AJAX Actions vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Simple Theme Changer versions = 1.0...
WordPress IMAQ Core plugin <= 1.2.1 - Cross-Site Request Forgery to URL Structure Update vulnerability
Cross-Site Request Forgery to URL Structure Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin IMAQ CORE versions = 1.2.1...
WordPress Simple Theme Changer plugin <= 1.0 - Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update vulnerability
Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Simple Theme Changer versions = 1.0...
WordPress WP Job Portal plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Long Nguyen in WordPress Plugin WP Job Portal versions = 2.4.4...
WordPress LS Google Map Router plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Software : LS Google Map Router Type : Plugin Vulnerable versions : = 1.1.0 OWASP Top 10 : A3: Injection Classification : Cross Site Scripting XSS CVE ID : CVE-2025-13850 Patchstack priority : Low CVSS severity : 6.5 Required privilege : Contributor Developer : Claim ownership PSID : b2117d151506...
WordPress LS Google Map Router plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin LS Google Map Router versions = 1.1.0...
WordPress Product Filtering by Categories, Tags, Price Range for WooCommerce plugin <= 1.1.6 - Missing Authorization to Unauthenticated plugin Settings Modification vulnerability
Missing Authorization to Unauthenticated plugin Settings Modification vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Filter Plus versions = 1.1.6...
WordPress FX Currency Converter plugin <= 0.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin FX Currency Converter versions = 0.2.0...
WordPress Divelogs Widget plugin <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Divelogs Widget versions = 1.5...
WordPress GPXpress plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin GPXpress versions = 1.3...
WordPress Truefy Embed plugin <= 1.1.0 - Cross-Site Request Forgery to 'truefy_embed_options_update' Settings Update vulnerability
Cross-Site Request Forgery to 'truefyembedoptionsupdate' Settings Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Truefy Embed versions = 1.1.0...
WordPress NewStatPress plugin <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin NewStatPress versions = 1.4.3...
WordPress WPGancio plugin <= 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin WPGancio versions = 1.12...
WordPress VigLink SpotLight By ShortCode plugin <= 1.0.a - Authenticated (Contributor+) Stored Cross-Site Scripting via 'float' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'float' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin VigLink SpotLight By ShortCode versions = 1.0.a...
WordPress Purchase and Expense Manager plugin <= 1.1.2 - Cross-Site Request Forgery to Arbitrary Purchase Record Deletion vulnerability
Cross-Site Request Forgery to Arbitrary Purchase Record Deletion vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Purchase and Expense Manager versions = 1.1.2...
WordPress TWW Protein Calculator plugin <= 1.0.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Header' Setting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'Header' Setting vulnerability discovered by ChamlaVic in WordPress Plugin TWW Protein Calculator versions = 1.0.24...
WordPress BUKAZU Search widget plugin <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin BUKAZU Search widget versions = 3.3.2...
WordPress WP Flot plugin <= 0.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin WP Flot versions = 0.2.2...
WordPress Zenost Shortcodes plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin Zenost Shortcodes versions = 1.0...
WordPress Simple post listing plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Simple post listing versions = 0.2...
WordPress Easy Map Creator plugin <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Easy Map Creator versions = 3.0.2...
WordPress Ayo Shortcodes plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Ayo Shortcodes versions = 0.2...
WordPress Kirim.Email WooCommerce Integration plugin <= 1.2.9 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Kirim.Email WooCommerce Integration versions = 1.2.9...
WordPress DebateMaster plugin <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Color Options via 'debate' Shortcode vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Color Options via 'debate' Shortcode vulnerability discovered by ChamlaVic in WordPress Plugin DebateMaster versions = 1.0.0...
WordPress Upcoming for Calendly plugin <= 1.2.4 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Upcoming for Calendly versions = 1.2.4...
WordPress URL Media Uploader plugin <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload vulnerability
Missing Authorization to Authenticated Contributor+ Safe File Upload vulnerability discovered by jsonc in WordPress Plugin URL Media Uploader versions = 1.0.1...
WordPress BMLT WordPress Plugin plugin <= 3.11.4 - Cross-Site Request Forgery to Settings Creation and Deletion vulnerability
Cross-Site Request Forgery to Settings Creation and Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin BMLT WordPress Plugin versions = 3.11.4...