46624 matches found
WordPress Correct Prices plugin <= 1.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Correct Prices versions = 1.0...
WordPress SponsorMe plugin <= 0.5.2 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin SponsorMe versions = 0.5.2...
WordPress LJ comments import: reloaded plugin <= 0.97.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin LJ comments import: reloaded versions = 0.97.1...
WordPress VatanSMS WP SMS plugin <= 1.01 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Julian Chibuike Nwadinobi Wackydawg - streamio in WordPress Plugin VatanSMS WP SMS versions = 1.01...
WordPress Oliver POS plugin < 4.5.4 - Other Vulnerability Type vulnerability
Other Vulnerability Type vulnerability discovered by Hunter Jensen skid in WordPress Plugin Oliver POS versions 4.5.4...
WordPress 診断ジェネレータ作成プラグイン plugin <= 1.4.16 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'js' Parameter vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via 'js' Parameter vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin 診断ジェネレータ作成プラグイン versions = 1.4.16...
WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure vulnerability
Missing Authorization to Authenticated Subscriber+ Sensitive Form Submission Data Exposure vulnerability discovered by Z3no in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions = 6.0.6...
WordPress WooCommerce PayPal Payments plugin <= 4.0.1 - Missing Authorization to Unauthenticated Order Manipulation and Information Disclosure vulnerability
Missing Authorization to Unauthenticated Order Manipulation and Information Disclosure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WooCommerce PayPal Payments versions = 4.0.1...
WordPress Wishlist Member plugin <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation vulnerability
Missing Authorization to Authenticated Subscriber+ API Secret Key Disclosure and Privilege Escalation vulnerability discovered by h0xilo in WordPress Plugin WishList Member X versions = 3.30.1...
WordPress Wishlist Member plugin <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Options Update vulnerability discovered by h0xilo in WordPress Plugin WishList Member X versions = 3.32.0...
WordPress Wishlist Member plugin <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Generate API Secret Key vulnerability
Missing Authorization to Authenticated Subscriber+ Generate API Secret Key vulnerability discovered by h0xilo in WordPress Plugin WishList Member X versions = 3.30.1...
WordPress Wishlist Member plugin <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation vulnerability
Missing Authorization to Authenticated Subscriber+ API Secret Key Disclosure and Privilege Escalation vulnerability discovered by h0xilo in WordPress Plugin WishList Member X versions = 3.30.1...
WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by hhhai in WordPress Plugin EventPrime versions = 4.3.2.1...
WordPress Ads by WPQuads plugin <= 3.0.2 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Bas Albers in WordPress Plugin Ads by WPQuads versions = 3.0.2...
WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Peng Zhou in WordPress Plugin miniorange otp verification versions = 5.4.9...
WordPress EventPrime plugin <= 4.3.2.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin EventPrime versions = 4.3.2.1...
WordPress MasterStudy LMS plugin <= 3.7.29 - SQL Injection vulnerability
SQL Injection vulnerability discovered by walow in WordPress Plugin MasterStudy LMS versions = 3.7.29...
WordPress WP Job Portal plugin <= 2.5.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin WP Job Portal versions = 2.5.1...
WordPress WP Job Portal plugin <= 2.5.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by hhhai in WordPress Plugin WP Job Portal versions = 2.5.1...
WordPress PropertyHive plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by HaiND in WordPress Plugin PropertyHive versions = 2.2.2...
WordPress Ditty – Responsive News Tickers, Sliders, and Lists plugin <= 3.1.65 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Ditty versions = 3.1.65...
WordPress AudioIgniter Music Player plugin <= 2.0.2 - Unauthenticated Insecure Direct Object Reference to 'audioigniter_playlist_id' Parameter vulnerability
Unauthenticated Insecure Direct Object Reference to 'audioigniterplaylistid' Parameter vulnerability discovered by ? in WordPress Plugin AudioIgniter Music Player versions = 2.0.2...
WordPress WP ERP Pro plugin <= 1.5.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by kudasav in WordPress Plugin WP ERP Pro versions = 1.5.1...
WordPress BookingPress Appointment Booking Pro plugin <= 5.6 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by h0xilo in WordPress Plugin BookingPress Appointment Booking Pro versions = 5.6...
WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.5 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by sorawautsukushiii in WordPress Plugin Easy Elements for Elementor Addons & Website Templates versions = 1.4.5...
NPM: Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret
NPM: Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret vulnerability discovered by ? in WordPress Npm network-ai versions = 5.4.4...
NPM: JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection
NPM: JavaScript Cookie: Per-instance prototype hijack in assign enables cookie-attribute injection vulnerability discovered by ? in WordPress Npm js-cookie versions = 3.0.5...
NPM: NocoDB: Stale Auth Cache After API Token Deletion
NPM: NocoDB: Stale Auth Cache After API Token Deletion vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...
NPM: NocoDB: Attachment Size Limit Bypass via Upload-by-URL
NPM: NocoDB: Attachment Size Limit Bypass via Upload-by-URL vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...
NPM: NocoDB: Shared-base link access can invite arbitrary users as persistent base members
NPM: NocoDB: Shared-base link access can invite arbitrary users as persistent base members vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...
NPM: NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion
NPM: NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...
NPM: NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags
NPM: NocoDB: Refresh Token Cookie Set Without secure and sameSite Flags vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...
NPM: NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation
NPM: NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...
NPM: NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)
NPM: NocoDB: SSRF Protection Bypass in Notification Webhook Plugins Slack, Discord, Mattermost, Teams vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...
NPM: NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL
NPM: NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...
NPM: MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement
NPM: MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement vulnerability discovered by ? in WordPress Npm mcp-server-kubernetes versions 3.6.0...
WordPress Widget Context plugin <= 1.3.3 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by darkmode in WordPress Plugin Widget Context versions = 1.3.3...
WordPress Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Structure Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Form Structure Modification vulnerability discovered by Thanh Toan Bui in WordPress Plugin Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder versions = 1.1.1...
WordPress Slider by Soliloquy – Responsive Image Slider for WordPress plugin <= 2.8.1 - Authenticated (Subscriber+) Information Disclosure vulnerability
Authenticated Subscriber+ Information Disclosure vulnerability discovered by Kitch - KitchGlobal in WordPress Plugin Slider by Soliloquy versions = 2.8.1...
WordPress MotoPress Hotel Booking plugin <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary Booking Notes Modification vulnerability
Missing Authorization to Unauthenticated Arbitrary Booking Notes Modification vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Hotel Booking Lite versions = 6.0.1...
WordPress FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin <= 2.9.87 - Unauthenticated Blind Server-Side Request Forgery vulnerability
Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Saleh Elsayed 0xManticore in WordPress Plugin Fluent CRM versions = 2.9.87...
WordPress The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.4.11...
NPM: md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)
NPM: md-fileserver: Stored/Reflected XSS when viewing Markdown raw HTML allowed vulnerability discovered by ? in WordPress Npm md-fileserver versions 1.10.3...
NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions vulnerability discovered by ? in WordPress Npm samlify versions 2.13.0...
WordPress Alfie – Feed Plugin plugin <= 1.2.1 - Cross-Site Request Forgery to Feed Deletion vulnerability
Cross-Site Request Forgery to Feed Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Alfie versions = 1.2.1...
WordPress WP Blockade – Visual Page Builder plugin <= 0.9.14 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin WP Blockade versions = 0.9.14...
WordPress FastX theme <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation and Activation vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Plugin Installation and Activation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Theme FastX versions = 1.0.2...
WordPress KIA Subtitle plugin <= 4.0.1 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability discovered by zaim in WordPress Plugin KIA Subtitle versions = 4.0.1...
WordPress Location Weather – WordPress Weather Forecast, AQI, Temperature and Weather Widget plugin <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purging vulnerability
Missing Authorization to Authenticated Contributor+ Block Settings Modification and Cache Purging vulnerability discovered by momopon1415 in WordPress Plugin Location Weather versions = 3.0.2...
WordPress Avada (Fusion) Builder plugin <= 3.15.2 - Unauthenticated Remote Code Execution vulnerability
Unauthenticated Remote Code Execution vulnerability discovered by ? in WordPress Plugin Fusion Builder versions = 3.15.2...