46606 matches found
WordPress Orpheus theme <= 1.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Orpheus versions = 1.3...
WordPress Eventicity theme <= 1.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Eventicity versions = 1.5...
WordPress Spike theme <= 1.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Spike versions = 1.2...
WordPress Eros theme <= 1.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Eros versions = 1.3...
WordPress Gunslinger theme <= 1.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gunslinger versions = 1.7...
WordPress Choreo theme <= 1.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Choreo versions = 1.6...
WordPress Skyward theme <= 1.10 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Skyward versions = 1.10...
WordPress WineShop theme <= 3.17 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme WineShop versions = 3.17...
WordPress Grecko theme <= 5.17 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Grecko versions = 5.17...
WordPress Snowy theme <= 1.13 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Snowy versions = 1.13...
WordPress Gita theme <= 1.11 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gita versions = 1.11...
WordPress Printo theme <= 1.11 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Printo versions = 1.11...
WordPress Granola theme <= 1.13 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Granola versions = 1.13...
WordPress Gamic theme <= 1.15 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gamic versions = 1.15...
WordPress SeedProd Pro plugin < 6.19.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin SeedProd Pro versions 6.19.5...
WordPress Product Import Export for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Product Import Export for WooCommerce versions = 2.5.6...
WordPress Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending vulnerability
Missing Authorization to Authenticated Subscriber+ Email Sending vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Everest Forms versions = 3.4.7...
WordPress Advanced Custom Fields (ACF®) plugin <= 6.8.1 - Unauthenticated Broken Access Control vulnerability
Unauthenticated Broken Access Control vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Advanced Custom Fields versions = 6.8.1...
WordPress affiliate-toolkit plugin <= 3.8.8 - Arbitrary Code Execution vulnerability
Arbitrary Code Execution vulnerability discovered by Nguyen Quang Truong in WordPress Plugin affiliate-toolkit versions = 3.8.8...
WordPress Booking Calendar – Event Calendar plugin <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by bashu - VN in WordPress Plugin Booking Calendar – Event Calendar versions = 2.1.6...
WordPress Query Shortcode plugin <= 0.2.1 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated Contributor+ Local File Inclusion vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Query Shortcode versions = 0.2.1...
WordPress NS Product icon badge plugin <= 1.2.4 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin NS Product icon badge versions = 1.2.4...
WordPress Livemesh SiteOrigin Widgets plugin <= 3.9.2 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh SiteOrigin Widgets versions = 3.9.2...
WordPress WPBakery Page Builder Addons by Livemesh plugin <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions = 3.9.4...
WordPress Livemesh Addons for Beaver Builder plugin <= 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh Addons for Beaver Builder versions = 3.9.2...
WordPress Enable jQuery Migrate Helper plugin <= 1.4.1 - Missing Authorization to Authenticated (Subscriber+) jQuery Version Downgrade vulnerability
Missing Authorization to Authenticated Subscriber+ jQuery Version Downgrade vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin Enable jQuery Migrate Helper versions = 1.4.1...
WordPress WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager plugin <= 2.3.5 - Authenticated (Author+) Remote Code Execution vulnerability
Authenticated Author+ Remote Code Execution vulnerability discovered by Win3 in WordPress Plugin WPCode versions = 2.3.5...
WordPress Firebase Support & Chat Management plugin <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability
Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Farrukh Ziyaev in WordPress Plugin Firebase Support & Chat Management versions = 3.1.1...
WordPress Login with NEAR plugin <= 0.3.3 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by g0wthr in WordPress Plugin Login with NEAR versions = 0.3.3...
WordPress Boost plugin <= 2.0.3 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Boost versions = 2.0.3...
WordPress Master Slider plugin <= 3.10.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Master Slider versions = 3.10.8...
WordPress GenerateBlocks plugin <= 2.1.0 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Abu Hurayra in WordPress Plugin GenerateBlocks versions = 2.1.0...
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.10 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by dodoh4t in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.10...
WordPress BP Better Messages plugin <= 2.14.16 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by dodoh4t in WordPress Plugin BP Better Messages versions = 2.14.16...
WordPress 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Modification vulnerability discovered by Legion Hunter in WordPress Plugin 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On versions = 2.0.1...
WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion vulnerability
Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Media Deletion vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin User Registration versions = 5.1.5...
WordPress Meta Field Block – Display custom fields in the Block Editor without coding plugin <= 1.5.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary User Meta Exposure vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Arbitrary User Meta Exposure vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Meta Field Block versions = 1.5.1...
WordPress KiviCare plugin <= 4.3.0 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by kai63001 in WordPress Plugin KiviCare versions = 4.3.0...
WordPress Xpro Elementor Addons - Pro plugin <= 1.4.7 - Pro <= 1.4.7 - Authenticated (Contributor+) Arbitrary File Read vulnerability
WordPress Xpro Elementor Addons - Pro plugin = 1.4.7 - Pro = 1.4.7 - Authenticated Contributor+ Arbitrary File Read vulnerability discovered by stealthcopter in WordPress Plugin Xpro Elementor Addons - Pro versions = 1.4.7...
WordPress MinhNhut Link Gateway plugin <= 3.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin MinhNhut Link Gateway versions = 3.6.1...
WordPress myLinksDump plugin <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin myLinksDump versions = 1.6...
WordPress rexCrawler plugin <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin rexCrawler versions = 1.0.15...
WordPress Taxi Booking Manager for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Taxi Booking Manager for WooCommerce versions = 2.0.1...
WordPress Tiktok Feed plugin <= 1.0.24 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Tiktok Feed versions = 1.0.24...
WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by johska in WordPress Plugin WpBookingly versions = 1.2.9...
WordPress WpTravelly plugin <= 2.1.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by johska in WordPress Plugin WpTravelly versions = 2.1.5...
WordPress WP Promoter plugin <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin WP Promoter versions = 1.3...
WordPress MetaMagic SEO Plugin plugin <= 1.6 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin MetaMagic SEO Plugin versions = 1.6...
WordPress Github Shortcode plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Github Shortcode versions = 0.1...
WordPress WPBakery Page Builder Addons by Livemesh plugin <= 3.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions = 3.9.4...