45686 matches found

Patchstack
added 2026/05/06 9:52 a.m. | 3 views

WordPress Widget Options - Extended plugin <= 5.3.2 - Authenticated (Contributor+) Remote Code Execution vulnerability

WordPress Widget Options - Extended plugin <= 5.3.2 - Authenticated Contributor+ Remote Code Execution vulnerability discovered by ? in WordPress Plugin Widget Options - Extended versions <= 5.3.2...

CVSS 8.8 | AI score 5.8 | EPSS 0.00074
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/06 9:36 a.m. | 3 views

WordPress Gravity Bookings plugin <= 2.5.9 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Gravity Forms Bookings premium versions <= 2.5.9...

CVSS 7.5 | AI score 5.9 | EPSS 0.00092
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/06 2:9 a.m. | 4 views

WordPress SliceWP plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin SliceWP versions <= 1.2.6...

AI score 5.8
Exploits 0 | Affected Software 1

Patchstack
added 2026/05/05 10:17 p.m. | 4 views

NPM: sse-channel: SSE Injection via unsanitized event fields

NPM: sse-channel: SSE Injection via unsanitized event fields vulnerability discovered by ? in WordPress Npm sse-channel versions = 4.0.0...

CVSS 8.7 | AI score 5.8 | EPSS 0.0002
Exploits 0 | References 4 | Affected Software 1

Patchstack
added 2026/05/05 9:50 p.m. | 5 views

NPM: ip-address has XSS in Address6 HTML-emitting methods

NPM: ip-address has XSS in Address6 HTML-emitting methods vulnerability discovered by ? in WordPress Npm ip-address versions = 10.1.0...

CVSS 6.1 | AI score 5.8 | EPSS 0.00012
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2026/05/05 9:48 p.m. | 6 views

NPM: Mongoose's Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection

NPM: Mongoose's Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection vulnerability discovered by ? in WordPress Npm mongoose versions = 9.0.0, = 9.1.5...

CVSS 7.5 | AI score 5.8 | EPSS 0.00047
Exploits 0 | References 5 | Affected Software 1

Patchstack
added 2026/05/05 8:29 p.m. | 7 views

NPM: ssrfcheck: SSRF Bypass Caused by Failure to Classify Reserved IP Address Space as Invalid

NPM: ssrfcheck: SSRF Bypass Caused by Failure to Classify Reserved IP Address Space as Invalid vulnerability discovered by ? in WordPress Npm ssrfcheck versions 1.2.0...

CVSS 8.8 | AI score 5.8 | EPSS 0.00116
Exploits 1 | References 7 | Affected Software 1

Patchstack
added 2026/05/05 6:44 p.m. | 4 views

NPM: OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes

NPM: OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.23...

AI score 5.8
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2026/05/05 6:43 p.m. | 4 views

NPM: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution

NPM: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.23...

AI score 6.3
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2026/05/05 6:42 p.m. | 7 views

NPM: OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload

NPM: OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.23...

AI score 5.8
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2026/05/05 5:53 p.m. | 1 view

WordPress Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.2.1 - Authenticated (Administrator+) Arbitrary File Read vulnerability

Authenticated Administrator+ Arbitrary File Read vulnerability discovered by Niv Kochan in WordPress Plugin FluentForm versions <= 6.2.1...

CVSS 4.9 | AI score 5.8 | EPSS 0.00452
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 5:50 p.m. | 3 views

WordPress Affiliate Program Suite — SliceWP Affiliates plugin <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin SliceWP versions <= 1.2.7...

CVSS 6.4 | AI score 5.8 | EPSS 0.00037
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 4:44 p.m. | 5 views

NPM: VM2 Has a WASM Sandbox Escape (Node 25 only)

NPM: VM2 Has a WASM Sandbox Escape Node 25 only vulnerability discovered by ? in WordPress Npm vm2 versions 3.10.4...

CVSS 9.8 | AI score 6 | EPSS 0.00129
Exploits 1 | References 4 | Affected Software 1

Patchstack
added 2026/05/05 4:33 p.m. | 6 views

NPM: VM2 Has a Sandbox Escape Issue via SuppressedError

NPM: VM2 Has a Sandbox Escape Issue via SuppressedError vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.4...

CVSS 10 | AI score 6 | EPSS 0.00088
Exploits 1 | References 9 | Affected Software 1

Patchstack
added 2026/05/05 4:33 p.m. | 9 views

NPM: VM2 Has Sandbox Breakout Through Inspect Function

NPM: VM2 Has Sandbox Breakout Through Inspect Function vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.3...

CVSS 9.8 | AI score 6 | EPSS 0.00186
Exploits 1 | References 7 | Affected Software 1

Patchstack
added 2026/05/05 4:23 p.m. | 9 views

NPM: VM2 Has Sandbox Breakout Through Promise Species

NPM: VM2 Has Sandbox Breakout Through Promise Species vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.3...

CVSS 9.8 | AI score 6 | EPSS 0.00129
Exploits 1 | References 5 | Affected Software 1

Patchstack
added 2026/05/05 4:22 p.m. | 7 views

WordPress Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Processing Disruption vulnerability

Missing Authorization to Authenticated Subscriber+ Stripe Webhook Deletion and Payment Processing Disruption vulnerability discovered by Jared Reyes in WordPress Plugin Paid Memberships Pro versions <= 3.6.5...

CVSS 7.1 | AI score 5.8 | EPSS 0.00047
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 4:19 p.m. | 3 views

WordPress Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.42 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by type5afe in WordPress Plugin Form Maker by 10Web versions <= 1.15.42...

CVSS 7.5 | AI score 5.9 | EPSS 0.00099
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 4:4 p.m. | 4 views

WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.52.1 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin Forminator versions <= 1.52.1...

CVSS 7.5 | AI score 5.8 | EPSS 0.00061
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 3:53 p.m. | 6 views

WordPress WeePie Cookie Allow plugin <= 3.4.11 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Ren Voza in WordPress Plugin WeePie Cookie Allow versions <= 3.4.11...

CVSS 7.5 | AI score 5.9 | EPSS 0.00097
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 3:45 p.m. | 5 views

WordPress GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content plugin <= 1.2.2 - Missing Authorization to Unauthenticated Arbitrary plugin Installation vulnerability

Missing Authorization to Unauthenticated Arbitrary plugin Installation vulnerability discovered by kiemtiendinhau in WordPress Plugin GeekyBot versions <= 1.2.2...

CVSS 9.8 | AI score 5.8 | EPSS 0.00275
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 3:35 p.m. | 3 views

WordPress GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content plugin <= 1.2.0 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin GeekyBot versions <= 1.2.0...

CVSS 7.5 | AI score 5.9 | EPSS 0.00092
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 3:30 p.m. | 3 views

WordPress Ninja Tables – Easy Data Table Builder plugin <= 5.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Table Creation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Table Creation vulnerability discovered by nquangit - Techlab Corporation in WordPress Plugin Ninja Tables versions <= 5.2.6...

CVSS 4.3 | AI score 5.8 | EPSS 0.00014
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 3:26 p.m. | 3 views

WordPress Subscribe To Comments Reloaded plugin <= 240119 - Improper Authorization to Unauthenticated Arbitrary Subscription Management vulnerability

Improper Authorization to Unauthenticated Arbitrary Subscription Management vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Subscribe To Comments Reloaded versions <= 240119...

CVSS 6.5 | AI score 5.8 | EPSS 0.00094
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 3:17 p.m. | 5 views

WordPress AWP Classifieds plugin < 4.4.6.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Hunter Jensen skid in WordPress Plugin AWP Classifieds versions < 4.4.6.1...

CVSS 7.5 | AI score 5.9 | EPSS 0.00171
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 3:16 p.m. | 7 views

WordPress Mercado Pago payments for WooCommerce plugin <= 8.7.11 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure vulnerability

Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure vulnerability discovered by Muhammad Sharief in WordPress Plugin Mercado Pago payments for WooCommerce versions <= 8.7.11...

CVSS 5.3 | AI score 5.8 | EPSS 0.00019
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 2:43 p.m. | 12 views

WordPress WP Business Intelligence Lite plugin <= 3.2.0 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation vulnerability

Authenticated Subscriber+ Missing Authorization to Privilege Escalation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Business Intelligence Lite versions <= 3.2.0...

AI score 5.8
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 2:34 p.m. | 9 views

WordPress Salon Booking System – Free Version plugin <= 10.30.25 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin Salon booking system versions <= 10.30.25...

CVSS 7.5 | AI score 5.8 | EPSS 0.00143
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 1:38 p.m. | 10 views

WordPress Profile Builder Pro plugin <= 3.14.5 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by 0xbro in WordPress Plugin Profile Builder Pro versions <= 3.14.5...

CVSS 8.1 | AI score 5.8 | EPSS 0.00019
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 11:59 a.m. | 4 views

WordPress Geo Mashup plugin <= 1.13.19 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Leonid Semenenko lsemenenko in WordPress Plugin Geo Mashup versions <= 1.13.19...

CVSS 6.5 | AI score 5.9 | EPSS 0.00018
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 11:30 a.m. | 3 views

WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions <= 2.10.0...

CVSS 7.2 | AI score 5.8 | EPSS 0.00021
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 11:29 a.m. | 4 views

WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions <= 2.10.0...

CVSS 7.2 | AI score 5.8 | EPSS 0.00021
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 11:28 a.m. | 18 views

WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions <= 2.10.0...

CVSS 7.2 | AI score 5.8 | EPSS 0.00021
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 11:8 a.m. | 5 views

WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions <= 2.10.0...

CVSS 7.2 | AI score 5.8 | EPSS 0.00021
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 11:7 a.m. | 8 views

WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions <= 2.10.0...

CVSS 7.2 | AI score 5.8 | EPSS 0.00021
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 10:54 a.m. | 3 views

WordPress ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 4.0.60 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Yuvraj Tomar in WordPress Plugin ARMember versions <= 4.0.60...

CVSS 7.5 | AI score 5.9 | EPSS 0.00119
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 10:42 a.m. | 11 views

WordPress User Verification by PickPlugins plugin <= 2.0.46 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by kai63001 in WordPress Plugin User Verification versions <= 2.0.46...

CVSS 9.8 | AI score 5.8 | EPSS 0.0011
Exploits 1 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 10:33 a.m. | 5 views

WordPress Geo Mashup plugin <= 1.13.18 - Unauthenticated Time-Based SQL Injection vulnerability

Unauthenticated Time-Based SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Geo Mashup versions <= 1.13.18...

CVSS 7.5 | AI score 5.9 | EPSS 0.00107
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 10:31 a.m. | 6 views

WordPress WP Mail Gateway plugin <= 1.8 - Missing Authorization to Authenticated (Subscriber+) SMTP Configuration Modification vulnerability

Missing Authorization to Authenticated Subscriber+ SMTP Configuration Modification vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Mail Gateway versions <= 1.8...

CVSS 8.8 | AI score 5.8 | EPSS 0.00023
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 10:27 a.m. | 7 views

WordPress Geo Mashup plugin <= 1.13.18 - Unauthenticated Time-Based SQL Injection vulnerability

Unauthenticated Time-Based SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Geo Mashup versions <= 1.13.18...

CVSS 7.5 | AI score 5.9 | EPSS 0.00107
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 10:25 a.m. | 7 views

WordPress Geo Mashup plugin <= 1.13.18 - Unauthenticated Time-Based SQL Injection vulnerability

Unauthenticated Time-Based SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Geo Mashup versions <= 1.13.18...

CVSS 7.5 | AI score 5.9 | EPSS 0.00107
Exploits 1 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 10:14 a.m. | 9 views

WordPress Temporary Login plugin <= 1.0.0 - Authentication Bypass to Account Takeover vulnerability

Authentication Bypass to Account Takeover vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Temporary Login versions <= 1.0.0...

CVSS 9.8 | AI score 5.8 | EPSS 0.05917
Exploits 3 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 9:49 a.m. | 6 views

WordPress Mentoring plugin <= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration vulnerability

Unauthenticated Privilege Escalation in mentoring_process_registration vulnerability discovered by シルAsuna in WordPress Plugin Mentoring versions <= 1.2.8...

CVSS 9.8 | AI score 5.8 | EPSS 0.00133
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 9:32 a.m. | 4 views

WordPress MoreConvert Pro plugin <= 1.9.14 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin MoreConvert Pro versions <= 1.9.14...

CVSS 9.8 | AI score 5.8 | EPSS 0.00451
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 9:22 a.m. | 7 views

WordPress Import and export users and customers plugin <= 2.0.8 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by kiemtiendinhau in WordPress Plugin Import and export users and customers versions <= 2.0.8...

CVSS 8.8 | AI score 5.8 | EPSS 0.0003
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 9:14 a.m. | 12 views

WordPress User Registration Advanced Fields plugin <= 1.6.20 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin User Registration Advanced Fields versions <= 1.6.20...

CVSS 9.8 | AI score 5.8 | EPSS 0.00092
Exploits 1 | References 1 | Affected Software 1

Patchstack
added 2026/05/05 12:40 a.m. | 5 views

NPM: Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream

NPM: Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream vulnerability discovered by ? in WordPress Npm axios versions = 1.0.0, 1.15.1...

CVSS 5.3 | AI score 5.8 | EPSS 0.00096
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2026/05/05 12:40 a.m. | 6 views

NPM: Axios: no_proxy bypass via IP alias allows SSRF

NPM: Axios: no_proxy bypass via IP alias allows SSRF vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...

CVSS 7.5 | AI score 5.8 | EPSS 0.00082
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2026/05/05 12:34 a.m. | 5 views

NPM: Axios: unbounded recursion in toFormData causes DoS via deeply nested request data

NPM: Axios: unbounded recursion in toFormData causes DoS via deeply nested request data vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...

CVSS 7.5 | AI score 5.8 | EPSS 0.00031
Exploits 1 | References 3 | Affected Software 1

Patchstack
added 2026/05/05 12:33 a.m. | 4 views

NPM: Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0

NPM: Axios' HTTP adapter-streamed uploads bypass maxBodyLength when maxRedirects: 0 vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...

CVSS 5.3 | AI score 5.8 | EPSS 0.00096
Exploits 1 | References 3 | Affected Software 1

Total number of security vulnerabilities: 45686