46578 matches found
NPM: esbuild allows arbitrary file read when running the development server on Windows
NPM: esbuild allows arbitrary file read when running the development server on Windows vulnerability discovered by ? in WordPress Npm esbuild versions = 0.27.3, 0.28.1...
WordPress Meow Gallery plugin <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation vulnerability
Missing Authorization to Authenticated Author+ Shortcode creation vulnerability discovered by Chawabhon Netisingha JNX03 in WordPress Plugin Meow Gallery versions = 5.4.4...
WordPress Page Builder: Pagelayer – Drag and Drop website builder plugin <= 2.0.9 - Incorrect Authorization to Authenticated (Contributor+) Mail Relay Configuration vulnerability
Incorrect Authorization to Authenticated Contributor+ Mail Relay Configuration vulnerability discovered by Drew Webber mcdruid in WordPress Plugin PageLayer versions = 2.0.9...
WordPress Page Builder: Pagelayer – Drag and Drop website builder plugin <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin PageLayer versions = 2.0.9...
WordPress Canvas plugin <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Theme Canvas versions = 2.5.2...
WordPress Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel plugin <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin FooGallery versions = 3.1.31...
NPM: Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step
NPM: Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step vulnerability discovered by ? in WordPress Npm budibase versions 3.39.0...
WordPress LWS Optimize – All-in-One Speed Booster & Cache Tools plugin <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read vulnerability
Authenticated Editor+ Arbitrary File Read vulnerability discovered by Omar Elshopky in WordPress Plugin LWS Optimize versions = 3.3.19...
WordPress Kastell theme <= 2.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Kastell versions = 2.0...
WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability
Path Traversal vulnerability discovered by R2D2 in WordPress Plugin FastDup versions = 2.7.2...
WordPress JetEngine plugin <= 3.8.10 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin JetEngine versions = 3.8.10...
WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Bonds in WordPress Theme Nifty versions = 1.4.1...
WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Bonds in WordPress Plugin WordPress & WooCommerce Scraper Plugin, Import Data from Any Site versions = 1.0.7...
WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Plugin WordPress & WooCommerce Scraper Plugin, Import Data from Any Site versions = 1.0.7...
WordPress BookPro plugin <= 1.1.0 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Phat RiO in WordPress Plugin BookPro versions = 1.1.0...
WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by dodoh4t in WordPress Plugin SEO Redirection versions = 9.17...
WordPress Fediverse Embeds plugin <= 1.5.7 - Unauthenticated SSRF vulnerability
Unauthenticated SSRF vulnerability discovered by 0xBassia in WordPress Plugin Fediverse Embeds versions = 1.5.7...
WordPress Fediverse Embeds plugin <= 1.5.7 - Unauthenticated SSRF vulnerability
Unauthenticated SSRF vulnerability discovered by 0xBassia in WordPress Plugin Fediverse Embeds versions = 1.5.7...
NPM: joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas
NPM: joi has an uncaught RangeError on deeply nested input through recursive link schemas vulnerability discovered by ? in WordPress Npm joi versions 17.13.4...
WordPress Speed Optimizer plugin < 7.7.9 - Unauthenticated Stored XSS via Minify Library vulnerability
Unauthenticated Stored XSS via Minify Library vulnerability discovered by Matthew Rollings in WordPress Plugin Speed Optimizer versions 7.7.9...
WordPress Clearfy Cache plugin < 2.4.2 - Unauthenticated Stored XSS via Minify Library vulnerability
Unauthenticated Stored XSS via Minify Library vulnerability discovered by Matthew Rollings in WordPress Plugin Clearfy Cache versions 2.4.2...
WordPress Autoptimize plugin < 3.1.15 - Unauthenticated Stored XSS via Minify Library vulnerability
Unauthenticated Stored XSS via Minify Library vulnerability discovered by Matthew Rollings in WordPress Plugin Autoptimize versions 3.1.15...
WordPress Email Encoder plugin < 2.4.7 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Email Encoder Bundle versions 2.4.7...
WordPress EventPress theme < 22.2 – Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by ? in WordPress Theme EventPress versions 22.2...
WordPress WP Maps plugin < 4.9.3 - Subscriber+ Local File Inclusion vulnerability
Subscriber+ Local File Inclusion vulnerability discovered by Mustafa Ahmed in WordPress Plugin WP Maps versions 4.9.3...
WordPress Ajax Load More plugin < 7.8.4 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Ajax Load More versions 7.8.4...
WordPress Decent Comments plugin < 3.0.2 - Unauthenticated Email Address Disclosure vulnerability
Unauthenticated Email Address Disclosure vulnerability discovered by Vaibhav Narkhede in WordPress Plugin Decent Comments versions 3.0.2...
WordPress Presto Player plugin <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Presto Player versions = 4.2.0...
WordPress Restaurant Cafeteria theme <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability
Subscriber+ Arbitrary Plugin Installation/Activation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Theme Restaurant Cafeteria versions = 0.4.6...
WordPress Fortis For WooCommerce plugin < 1.3.1 - Sensitive API Key Disclosure vulnerability
Sensitive API Key Disclosure vulnerability discovered by WPScan Team in WordPress Plugin Fortis for WooCommerce versions 1.3.1...
WordPress Powerpack for LearnDash plugin < 1.3.0 - Unauthenticated Arbitrary Option Update vulnerability
Unauthenticated Arbitrary Option Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin PowerPack for LearnDash versions 1.3.0...
WordPress Magic Export & Import plugin < 1.2.0 - Unauthenticated PII Disclosure vulnerability
Unauthenticated PII Disclosure vulnerability discovered by Hoang Phuong in WordPress Plugin Magic Export & Import versions 1.2.0...
WordPress WP Photo Album Plus plugin < 9.1.11.001 - Unauthenticated SQL Injection via 'wppa-supersearch' Parameter vulnerability
Unauthenticated SQL Injection via 'wppa-supersearch' Parameter vulnerability discovered by Daniel Púa - devploit in WordPress Plugin WP Photo Album Plus versions 9.1.11.001...
WordPress Login with Salesforce plugin <= 1.0.2 - Unauthenticated Authentication Bypass vulnerability
Unauthenticated Authentication Bypass vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Login with Salesforce versions = 1.0.2...
WordPress WP eCommerce plugin <= 3.15.1 - Coupon Deletion via CSRF vulnerability
Coupon Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP eCommerce versions = 3.15.1...
WordPress Feeds for YouTube plugin < 2.6.4 - Subscriber+ License Data Deletion vulnerability
Subscriber+ License Data Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Feeds for YouTube versions 2.6.4...
WordPress Lazy Blocks plugin < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML vulnerability
Admin+ Stored XSS via Custom Block Frontend HTML vulnerability discovered by Luca Jungnickel in WordPress Plugin Lazy Blocks versions 4.3.0...
WordPress Schema & Structured Data for WP & AMP plugin < 1.60 - Unauthenticated Arbitrary Media Upload vulnerability
Unauthenticated Arbitrary Media Upload vulnerability discovered by 0xBassia in WordPress Plugin Schema & Structured Data for WP & AMP versions 1.60...
WordPress Spam protection, Honeypot, Anti-Spam by CleanTalk plugin < 6.79 - Unauthenticated Stored XSS via Comment Shortcode Bypass vulnerability
Unauthenticated Stored XSS via Comment Shortcode Bypass vulnerability discovered by Matthew Rollings in WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk versions 6.79...
WordPress Open User Map PRO plugin <= 1.4.31 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Hunter Jensen skid in WordPress Plugin Open User Map PRO versions = 1.4.31...
WordPress XStore theme < 9.7.3 - Unauthenticated SQLi vulnerability
Unauthenticated SQLi vulnerability discovered by Ahmed Makawi in WordPress Theme XStore versions 9.7.3...
WordPress Agile Store Locator plugin < 1.6.6 - Admin+ Stored XSS via map_style vulnerability
Admin+ Stored XSS via mapstyle vulnerability discovered by Luca Jungnickel in WordPress Plugin Store Locator WordPress versions 1.6.6...
NPM: Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload
NPM: Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload vulnerability discovered by ? in WordPress Npm baileys versions 6.7.22...
WordPress UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc vulnerability
Unauthenticated Authentication Bypass via UpdraftCentral udrpc vulnerability discovered by vtim in WordPress Plugin UpdraftPlus versions = 1.26.4...
WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WP Migrate Lite versions = 2.7.8...
WordPress VikRentCar plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by dodoh4t in WordPress Plugin VikRentCar versions = 1.4.5...
WordPress WCMultiShipping plugin <= 3.0.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by ParkHyunWoo in WordPress Plugin WCMultiShipping versions = 3.0.2...
WordPress PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget plugin <= 4.2.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget versions = 4.2.3...
WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Austin Ginder in WordPress Plugin JetBlog versions = 2.4.8...
WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by VanTastic in WordPress Plugin Taskbuilder versions = 5.0.7...