46571 matches found
WordPress Custom Field Template plugin <= 2.7.8 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Custom Field Template versions = 2.7.8...
WordPress Japanized For WooCommerce plugin <= 2.9.12 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by HaiND in WordPress Plugin Japanized For WooCommerce versions = 2.9.12...
WordPress Woffice theme < 5.4.33 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Woffice versions 5.4.33...
WordPress Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin <= 2.9.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by HieuPenguinnn in WordPress Plugin Colissimo Officiel : Méthodes de livraison pour WooCommerce versions = 2.9.0...
WordPress Business Directory plugin <= 6.4.23 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by John Umoru in WordPress Plugin Business Directory versions = 6.4.23...
WordPress ARForms plugin <= 7.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by dutafi in WordPress Plugin ARForms versions = 7.1.2...
WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Ads by WPQuads versions = 3.0.3...
WordPress Jobify theme <= 4.3.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Jobify versions = 4.3.2...
WordPress Landing Page Builder plugin <= 1.5.3.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by HaiND in WordPress Plugin Landing Page Builder versions = 1.5.3.5...
WordPress WP User Frontend plugin <= 4.3.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Tiago Ventura @perses in WordPress Plugin WP User Frontend versions = 4.3.7...
WordPress Link Whisper Free plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Link Whisper Free versions = 0.9.4...
WordPress BEAR plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin BEAR versions = 1.1.8...
WordPress Wallet System for WooCommerce plugin <= 2.7.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Evan NR in WordPress Plugin Wallet System for WooCommerce versions = 2.7.6...
WordPress Paid Videochat Turnkey Site plugin <= 7.4.8 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by endy in WordPress Plugin Paid Videochat Turnkey Site versions = 7.4.8...
WordPress MasterStudy LMS plugin <= 3.7.27 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by endy in WordPress Plugin MasterStudy LMS versions = 3.7.27...
WordPress WooCommerce Designer Pro plugin <= 1.9.34 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WooCommerce Designer Pro versions = 1.9.34...
WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by she11f in WordPress Plugin Business Directory versions = 6.4.22...
WordPress MainWP plugin <= 6.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by sleeper in WordPress Plugin MainWP versions = 6.1.1...
WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by 0xManticore in WordPress Plugin Business Directory versions = 6.4.22...
WordPress Simple User Avatar plugin <= 4.9 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Simple User Avatar versions = 4.9...
WordPress Embed Privacy plugin <= 1.12.3 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin Embed Privacy versions = 1.12.3...
WordPress RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass vulnerability
Authenticated Subscriber+ Authentication Bypass vulnerability discovered by Rafael Gunawan kokon in WordPress Plugin RegistrationMagic versions = 6.0.8.6...
WordPress Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation vulnerability
Missing Authorization to Unauthenticated Payment Record Manipulation vulnerability discovered by Netwurm - VTDR e.V.i.G. in WordPress Plugin WP Full Stripe Free versions = 8.4.3...
WordPress Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary Modification vulnerability discovered by Weerawat Pawanawiwat ErbaZZ - Reconix Co., Ltd. in WordPress Plugin Quiz And Survey Master versions = 11.1.4...
WordPress Product Specifications for Woocommerce plugin <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Attribute/Group Creation, Modification, and Deletion vulnerability discovered by dyingman in WordPress Plugin Product Specifications for Woocommerce versions = 0.8.9...
WordPress Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin <= 2.2.1 - Missing Authorization to Authenticated (Student+) Arbitrary Course Announcement Modification vulnerability
Missing Authorization to Authenticated Student+ Arbitrary Course Announcement Modification vulnerability discovered by ilinor in WordPress Plugin Masteriyo - LMS versions = 2.2.1...
WordPress Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure vulnerability
Authenticated Subscriber+ Insecure Direct Object Reference to Information Disclosure vulnerability discovered by 0xHerc - IntegSec in WordPress Plugin Dokan versions = 5.0.4...
WordPress Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin <= 3.8.0 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability
Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Gutenverse versions = 3.8.0...
WordPress Surbma | Infusionsoft Shortcode plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Surbma | Infusionsoft Shortcode versions = 2.0.1...
WordPress Spexo theme <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Plugin Activation vulnerability discovered by adhikara13 in WordPress Theme Spexo versions = 2.0.11...
WordPress Page Builder by SiteOrigin plugin <= 2.34.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by lhking in WordPress Plugin Page Builder by SiteOrigin versions = 2.34.3...
WordPress NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by valent1 in WordPress Plugin NEX-Forms versions = 9.2.2...
WordPress Restaurant Menu by MotoPress plugin <= 2.4.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Restaurant Menu by MotoPress versions = 2.4.11...
WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BNE Testimonials versions = 2.0.8...
WordPress Image Carousel plugin <= 1.0.0.41 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Image Carousel versions = 1.0.0.41...
WordPress Donation Thermometer plugin <= 2.2.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Donation Thermometer versions = 2.2.7...
WordPress Auros Core plugin <= 5.3.1 - Content Injection vulnerability
Content Injection vulnerability discovered by Bonds in WordPress Plugin Auros Core versions = 5.3.1...
WordPress Eagle Booking plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Bonds in WordPress Plugin Eagle Booking versions = 1.3.4.3...
WordPress Forget About Shortcode Buttons plugin <= 2.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Forget About Shortcode Buttons versions = 2.1.3...
WordPress Live Copy Paste for Elementor plugin <= 1.5.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin Live Copy Paste for Elementor versions = 1.5.3...
WordPress Goya Core plugin < 1.0.9.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Goya Core versions 1.0.9.4...
WordPress Splash - Sport Club WordPress theme for Basketball, Football, Hockey theme <= 4.4.3 - Local File Inclusion vulnerability
WordPress Splash - Sport Club WordPress theme for Basketball, Football, Hockey theme = 4.4.3 - Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Splash - Sport Club WordPress Theme for Basketball, Football, Hockey versions = 4.4.3...
WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Phat RiO in WordPress Plugin BookPro versions = 1.1.0...
WordPress Groundhogg plugin <= 4.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Baikuya in WordPress Plugin Groundhogg versions = 4.5...
WordPress GravityView plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Austin Ginder in WordPress Plugin GravityView versions = 3.0.0...
WordPress Contest Gallery plugin <= 30.0.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Contest Gallery versions = 30.0.0...
WordPress Bopo – WooCommerce Product Bundle Builder plugin <= 1.1.6 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin Bopo – WooCommerce Product Bundle Builder versions = 1.1.6...
WordPress Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.2.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by ParkHyunWoo in WordPress Plugin Recipe Maker For Your Food Blog from Zip Recipes versions = 8.2.7...
WordPress WPComplete plugin <= 2.9.5.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Md. Minaruzzaman Shovon in WordPress Plugin WPComplete versions = 2.9.5.5...
WordPress Paid Memberships Pro - Add Member From Admin plugin <= 0.7.2 - Cross Site Request Forgery (CSRF) vulnerability
WordPress Paid Memberships Pro - Add Member From Admin plugin = 0.7.2 - Cross Site Request Forgery CSRF vulnerability discovered by Roll in WordPress Plugin Paid Memberships Pro - Add Member From Admin versions = 0.7.2...