45983 matches found
WordPress Calendar Plus plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Calendar Plus versions <= 1.2.4...
WordPress Logtik theme <= 2.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Logtik versions <= 2.3...
WordPress ListingPro theme < 2.9.10 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme ListingPro versions < 2.9.10...
WordPress ListingPro theme < 2.9.10 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme ListingPro versions < 2.9.10...
WordPress ListingPro theme < 2.9.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme ListingPro versions < 2.9.10...
WordPress Themia Lite Theme <= 1.5.0 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Legion Hunter in WordPress Theme Themia Lite versions <= 1.5.0...
WordPress WP Mailgun SMTP Plugin <= 1.0.7 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Legion Hunter in WordPress Plugin WP Mailgun SMTP versions <= 1.0.7...
WordPress WP SendGrid SMTP Plugin <= 1.0.6 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Legion Hunter in WordPress Plugin WP SendGrid SMTP versions <= 1.0.6...
WordPress ColorWay Theme <= 4.2.3 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Legion Hunter in WordPress Theme ColorWay versions <= 4.2.3...
WordPress Cloriato Lite Theme <= 1.7.2 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Legion Hunter in WordPress Theme Cloriato Lite versions <= 1.7.2...
WordPress Compass Theme <= 1.1.4 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Legion Hunter in WordPress Theme Compass versions <= 1.1.4...
WordPress Poloray Theme <= 1.3.2 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Legion Hunter in WordPress Theme Poloray versions <= 1.3.2...
WordPress ButterBelly Theme <= 1.1.8 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Legion Hunter in WordPress Theme ButterBelly versions <= 1.1.8...
WordPress Road Fighter Theme <= 1.3.5 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Legion Hunter in WordPress Theme Road Fighter versions <= 1.3.5...
WordPress Rethink Theme <= 1.2.8 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Legion Hunter in WordPress Theme Rethink versions <= 1.2.8...
WordPress Dzonia Lite Theme <= 1.7.1 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Legion Hunter in WordPress Theme Dzonia Lite versions <= 1.7.1...
WordPress Cloriato Lite Theme <= 1.7.2 is vulnerable to Sensitive Data Exposure
Software: Cloriato Lite; Type: Theme; Vulnerable versions: <= 1.7.2; Fixed in: N/A; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2025-59003; Patch priority: Low; CVSS severity: Low 5.8; PSID: 1e01903a0792; Credits: Legion Hunter; Required privile...
WordPress ButterBelly Theme <= 1.1.8 is vulnerable to Sensitive Data Exposure
Software: ButterBelly; Type: Theme; Vulnerable versions: <= 1.1.8; Fixed in: N/A; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2025-59003; Patch priority: Low; CVSS severity: Low 5.8; PSID: 425eba8f2184; Credits: Legion Hunter; Required privilege...
WordPress Poloray Theme <= 1.3.2 is vulnerable to Sensitive Data Exposure
Software: Poloray; Type: Theme; Vulnerable versions: <= 1.3.2; Fixed in: N/A; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2025-59003; Patch priority: Low; CVSS severity: Low 5.8; PSID: 5bedfaf94c3f; Credits: Legion Hunter; Required privilege...
WordPress Themia Lite Theme <= 1.5.0 is vulnerable to Sensitive Data Exposure
Software: Themia Lite; Type: Theme; Vulnerable versions: <= 1.5.0; Fixed in: N/A; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2025-59003; Patch priority: Low; CVSS severity: Low 5.8; PSID: 9716909e2868; Credits: Legion Hunter; Required privilege...
WordPress Road Fighter Theme <= 1.3.5 is vulnerable to Sensitive Data Exposure
Software: Road Fighter; Type: Theme; Vulnerable versions: <= 1.3.5; Fixed in: N/A; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2025-59003; Patch priority: Low; CVSS severity: Low 5.8; PSID: 4a67bfb40d4f; Credits: Legion Hunter; Required privileg...
WordPress Compass Theme <= 1.1.4 is vulnerable to Sensitive Data Exposure
Software: Compass; Type: Theme; Vulnerable versions: <= 1.1.4; Fixed in: N/A; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2025-59003; Patch priority: Low; CVSS severity: Low 5.8; PSID: 702f7ac34caf; Credits: Legion Hunter; Required privilege...
WordPress ColorWay Theme <= 4.2.3 is vulnerable to Sensitive Data Exposure
Software: ColorWay; Type: Theme; Vulnerable versions: <= 4.2.3; Fixed in: N/A; OWASP Top 10: A2: Cryptographic Failures; Classification: Sensitive Data Exposure; CVE: CVE-2025-59003; Patch priority: Low; CVSS severity: Low 5.8; PSID: f2f3f07e918e; Credits: Legion Hunter; Required privilege...
WordPress Rethink Theme <= 1.2.8 is vulnerable to Sensitive Data Exposure
Software: Rethink; Type: Theme; Vulnerable versions: <= 1.2.8; Fixed in: N/A; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2025-59003; Patch priority: Low; CVSS severity: Low 5.8; PSID: 9bd607567e0a; Credits: Legion Hunter; Required privilege...
WordPress Dzonia Lite Theme <= 1.7.1 is vulnerable to Sensitive Data Exposure
Software: Dzonia Lite; Type: Theme; Vulnerable versions: <= 1.7.1; Fixed in: N/A; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2025-59003; Patch priority: Low; CVSS severity: Low 5.8; PSID: c04d0120d52d; Credits: Legion Hunter; Required privilege...
WordPress LWS Cleaner plugin <= 2.4.1.3 - Authenticated (Administrator+) Arbitrary File Deletion via 'lws_cl_delete_file' vulnerability
Authenticated (Administrator+) Arbitrary File Deletion via 'lws_cl_delete_file' vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin LWS Cleaner versions <= 2.4.1.3...
WordPress Spotify Embed Creator plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Spotify Embed Creator versions <= 1.0.5...
WordPress Ultimate Blogroll plugin <= 2.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Ultimate Blogroll versions <= 2.5.2...
WordPress Embed Google Datastudio plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gilang in WordPress Plugin Embed Google Datastudio versions <= 1.0.0...
WordPress Side Slide Responsive Menu plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Side Slide Responsive Menu versions <= 1.0...
WordPress The Events Calendar plugin <= 6.15.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by mikemyers in WordPress Plugin The Events Calendar versions <= 6.15.1...
WordPress Enhanced BibliPlug plugin <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gilang in WordPress Plugin Enhanced BibliPlug versions <= 1.3.8...
WordPress LH Signing plugin <= 2.83 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin LH Signing versions <= 2.83...
WordPress Wp Edit Password Protected plugin < 1.3.5 - Open Redirect vulnerability
Open Redirect vulnerability discovered by Bob Matyas in WordPress Plugin Wp Edit Password Protected – Create Member/User Only Page & Design Password Protected Form versions < 1.3.5...
WordPress Woocommerce Envato Affiliates plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Woocommerce Envato Affiliates versions <= 1.2.1...
WordPress Rank Math SEO plugin <= 1.0.252.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Abu Hurayra in WordPress Plugin Rank Math SEO versions <= 1.0.252.1...
WordPress Rank Math SEO plugin <= 1.0.252.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Rank Math SEO versions <= 1.0.252.1...
WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.4.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ? in WordPress Plugin Recipe Card Blocks for Gutenberg & Elementor versions <= 3.4.8...
WordPress Time Tracker plugin <= 3.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Limited Data Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Limited Data Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Time Tracker versions <= 3.1.0...
WordPress Propovoice plugin <= 1.7.6.7 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by mikemyers in WordPress Plugin Propovoice CRM versions <= 1.7.6.7...
WordPress Publish approval plugin <= 1.1 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Claw.k in WordPress Plugin Publish Approval versions <= 1.1...
WordPress PhpList Subber plugin <= 1.1 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin PhpList Subber versions <= 1.1...
WordPress The integration of the AMO.CRM plugin <= 1.0.1 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Claw.k in WordPress Plugin The integration of the AMO.CRM versions <= 1.0.1...
WordPress My WP Translate plugin <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin My WP Translate versions <= 1.1...
WordPress My WP Translate plugin <= 1.1 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Option Read and Deletion vulnerability
Authenticated (Subscriber+) Missing Authorization to Arbitrary Option Read and Deletion vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin My WP Translate versions <= 1.1...
WordPress Countdown Timer for Elementor plugin <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'countdown_label' vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'countdown_label' vulnerability discovered by zer0gh0st in WordPress Plugin Countdown Timer for Elementor versions <= 1.3.9...
WordPress eID Easy plugin <= 4.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin eID Easy versions <= 4.9.3...
WordPress Blog Designer For Elementor plugin <= 1.1.7 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by wesley wcraft in WordPress Plugin Blog Designer For Elementor versions <= 1.1.7...
WordPress Elements Plus! plugin <= 2.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by zer0gh0st in WordPress Plugin Elements Plus! versions <= 2.16.4...
WordPress Digital Events Calendar plugin <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via column Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via column Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Digital Events Calendar versions <= 1.0.8...