46606 matches found
WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Phat RiO in WordPress Plugin AI Engine versions = 3.4.9...
WordPress CloudSecure WP Security plugin <= 1.4.7 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by 0xzenko in WordPress Plugin CloudSecure WP Security versions = 1.4.7...
WordPress Contact Form by WPForms plugin <= 1.10.0.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Cyrille COQUARD in WordPress Plugin Contact Form by WPForms versions = 1.10.0.4...
WordPress Simply Schedule Appointments plugin <= 1.6.10.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by devploit in WordPress Plugin Simply Schedule Appointments versions = 1.6.10.6...
WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Deserialization of untrusted data vulnerability
Deserialization of untrusted data vulnerability discovered by Phat RiO in WordPress Plugin Paid Videochat Turnkey Site versions = 7.3.23...
WordPress Post SMTP plugin <= 3.6.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by mcdruid in WordPress Plugin Post SMTP versions = 3.6.2...
WordPress Support Ticket Management System plugin <= 1.9 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Phat RiO in WordPress Plugin Support Ticket Management System versions = 1.9...
WordPress Grand Car Rental theme <= 3.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Grand Car Rental versions = 3.7...
WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability
WordPress Masteriyo - LMS plugin = 2.1.8 - Broken Authentication vulnerability discovered by HieuPenguin in WordPress Plugin Masteriyo - LMS versions = 2.1.8...
WordPress GEO my WP plugin <= 4.5.4 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by ? in WordPress Plugin GEO my WordPress versions = 4.5.4...
WordPress Views for WPForms plugin <= 3.4.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin Views for WPForms versions = 3.4.6...
WordPress Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend plugin <= 3.3.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend versions = 3.3.2...
WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by hhhai in WordPress Plugin Tainacan versions = 1.0.3...
WordPress Frontend Admin by DynamiApps plugin <= 3.29.2 - Missing Authorization to Authenticated (Subscriber+) Account Takeover vulnerability
Missing Authorization to Authenticated Subscriber+ Account Takeover vulnerability discovered by Tiago Ventura perses in WordPress Plugin Frontend Admin by DynamiApps versions = 3.29.2...
WordPress Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin <= 1.6.11.8 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by daroo in WordPress Plugin Simply Schedule Appointments versions = 1.6.11.8...
WordPress Frontend Admin by DynamiApps plugin <= 3.29.2 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Frontend Admin by DynamiApps versions = 3.29.2...
WordPress Advanced IP Blocker plugin <= 8.10.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Peng Zhou in WordPress Plugin Advanced IP Blocker versions = 8.10.7...
WordPress Shariff Wrapper plugin <= 4.6.20 - Authenticated (Contributor+) Cross-Site Scripting vulnerability
Authenticated Contributor+ Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Shariff Wrapper versions = 4.6.20...
WordPress Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin <= 1.6.11.8 - Missing Authorization to Unauthenticated Arbitrary Modification vulnerability
Missing Authorization to Unauthenticated Arbitrary Modification vulnerability discovered by winrace in WordPress Plugin Simply Schedule Appointments versions = 1.6.11.8...
WordPress Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin <= 1.8.40 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated Contributor+ SQL Injection vulnerability discovered by Or Benit - MadSec in WordPress Plugin Photo Gallery by 10Web versions = 1.8.40...
WordPress Visualizer: Tables and Charts Manager for WordPress plugin <= 3.11.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Chart Creation and Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Chart Creation and Modification vulnerability discovered by davidfdzmorilla in WordPress Plugin Visualizer versions = 3.11.14...
WordPress Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin <= 1.42.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Accessibility Issue Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Accessibility Issue Modification vulnerability discovered by w1zard in WordPress Plugin Accessibility Checker by Equalize Digital versions = 1.42.0...
WordPress PDF Embedder plugin <= 4.9.3 - Authenticated (Contributor+) Information Exposure vulnerability
Authenticated Contributor+ Information Exposure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin PDF Embedder versions = 4.9.3...
WordPress PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) plugin <= 1.120.46 - Cross-Site Request Forgery to Stripe Unlink vulnerability
Cross-Site Request Forgery to Stripe Unlink vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin PeachPay Payments versions = 1.120.46...
WordPress a3 Lazy Load plugin <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin a3 Lazy Load versions = 2.7.6...
WordPress WP Contact Form 7 DB Handler plugin <= 3.0 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by ? in WordPress Plugin WP Contact Form 7 DB Handler versions = 3.0...
WordPress Geo Mashup plugin <= 1.13.19 - Missing Authorization to Unauthenticated Plugin Settings Disclosure vulnerability
Missing Authorization to Unauthenticated Plugin Settings Disclosure vulnerability discovered by t0ann9uy3n in WordPress Plugin Geo Mashup versions = 1.13.19...
WordPress SMTP2GO for WordPress – Email Made Easy plugin <= 1.16.0 - Missing Authorization to Authenticated (Subscriber+) Log Read/Truncate vulnerability
Missing Authorization to Authenticated Subscriber+ Log Read/Truncate vulnerability discovered by darkmode in WordPress Plugin SMTP2GO versions = 1.16.0...
WordPress Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin <= 3.6.7 - Cross-Site Request Forgery to Payment Account Hijacking vulnerability
Cross-Site Request Forgery to Payment Account Hijacking vulnerability discovered by type5afe in WordPress Plugin Easy Digital Downloads versions = 3.6.7...
WordPress LiveSmart Video Chat Live Video Chat plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin LiveSmart Video Chat Live Video Chat versions = 1.2...
WordPress Smart Online Order for Clover plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by she11f in WordPress Plugin Smart Online Order for Clover versions = 1.6.0...
WordPress The Post Grid plugin <= 7.9.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by timomangcut in WordPress Plugin The Post Grid versions = 7.9.2...
WordPress ElementsKit Elementor addons Lite plugin <= 3.9.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bonds in WordPress Plugin ElementsKit Elementor addons Lite versions = 3.9.6...
WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Timetable and Event Schedule versions = 2.4.16...
WordPress ElementsKit Elementor addons Lite plugin <= 3.9.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bonds in WordPress Plugin ElementsKit Elementor addons Lite versions = 3.9.6...
WordPress WP Meta and Date Remover plugin <= 2.3.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WP Meta and Date Remover versions = 2.3.6...
WordPress DearFlip plugin <= 2.4.29 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by timomangcut in WordPress Plugin DearFlip versions = 2.4.29...
WordPress FOX – Currency Switcher Professional for WooCommerce plugin <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass vulnerability
Authenticated Subscriber+ Authorization Bypass vulnerability discovered by Long Lagon in WordPress Plugin FOX versions = 1.4.6...
WordPress Duplicate Page and Post plugin <= 2.9.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by timomangcut in WordPress Plugin Duplicate Page and Post versions = 2.9.5...
WordPress Advanced Custom Fields: Font Awesome Field plugin <= 5.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Advanced Custom Fields: Font Awesome Field versions = 5.0.2...
WordPress Adminimize plugin <= 1.11.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by timomangcut in WordPress Plugin Adminimize versions = 1.11.11...
WordPress Facebook for WooCommerce plugin <= 3.7.0 - Open Redirection vulnerability
Open Redirection vulnerability discovered by timomangcut in WordPress Plugin Facebook for WooCommerce versions = 3.7.0...
WordPress SVG Support plugin <= 2.5.14 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Steven Julian in WordPress Plugin SVG Support versions = 2.5.14...
WordPress Truemag theme <= 4.3.14.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Truemag versions = 4.3.14.2...
WordPress Roneous theme <= 2.1.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Roneous versions = 2.1.5...
WordPress ITactics theme <= 1.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme ITactics versions = 1.0...
WordPress Line Agency theme <= 1.3.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Line Agency versions = 1.3.1...
WordPress Etude theme <= 1.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Etude versions = 1.6...
WordPress Tipsy theme <= 1.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Tipsy versions = 1.1...
WordPress Resurs theme <= 1.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Resurs versions = 1.3...