46629 matches found
WordPress WP Blockade – Visual Page Builder plugin <= 0.9.14 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin WP Blockade versions <= 0.9.14...
WordPress FastX theme <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation and Activation vulnerability
Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation and Activation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Theme FastX versions <= 1.0.2...
WordPress KIA Subtitle plugin <= 4.0.1 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability discovered by zaim in WordPress Plugin KIA Subtitle versions <= 4.0.1...
WordPress Location Weather – WordPress Weather Forecast, AQI, Temperature and Weather Widget plugin <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purging vulnerability
Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purging vulnerability discovered by momopon1415 in WordPress Plugin Location Weather versions <= 3.0.2...
WordPress Avada (Fusion) Builder plugin <= 3.15.2 - Unauthenticated Remote Code Execution vulnerability
Unauthenticated Remote Code Execution vulnerability discovered by ? in WordPress Plugin Fusion Builder versions <= 3.15.2...
WordPress AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin <= 10.8.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability
Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by Azril Fathoni kiseki - Heroes Cyber Security in WordPress Plugin AcyMailing SMTP Newsletter versions <= 10.8.2...
WordPress Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin <= 1.6.9 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Creative Mail versions <= 1.6.9...
WordPress Infility Global plugin < 2.15.21 - SQL Injection vulnerability
SQL Injection vulnerability discovered by oolongeya - Dreamhack in WordPress Plugin Infility Global versions < 2.15.21...
WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.6 - Unauthenticated Limited Arbitrary File Read and Deletion vulnerability
Unauthenticated Limited Arbitrary File Read and Deletion vulnerability discovered by Rafie Muhammad - Awesome Motive, Inc. in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions <= 6.0.6...
WordPress Zoho ZeptoMail plugin <= 3.2.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Zoho ZeptoMail versions <= 3.2.9...
WordPress CF7 WOW Styler plugin <= 1.7.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rapid0nion in WordPress Plugin CF7 WOW Styler versions <= 1.7.6...
WordPress Mail Mint plugin <= 1.19.5 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Que Thanh Tuan in WordPress Plugin Mail Mint versions <= 1.19.5...
WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.70 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Wannes Verwimp in WordPress Plugin Piotnet Addons For Elementor Pro versions <= 7.1.70...
WordPress Piotnet Forms plugin <= 2.1.40 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Piotnet Forms versions <= 2.1.40...
WordPress Account Switcher plugin <= 1.0.2 - Authenticated (Subscriber+) Authentication Bypass to Privilege Escalation vulnerability
Authenticated (Subscriber+) Authentication Bypass to Privilege Escalation vulnerability discovered by Ren Voza in WordPress Plugin Account Switcher versions <= 1.0.2...
WordPress ProSolution WP Client plugin <= 2.0.0 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by snr in WordPress Plugin ProSolution WP Client versions <= 2.0.0...
WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.4 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Ankit Patel in WordPress Plugin Easy Elements for Elementor Addons & Website Templates versions <= 1.4.4...
WordPress Advanced Database Cleaner – Premium plugin <= 4.1.0 - Authenticated (Subscriber+) Local File Inclusion vulnerability
Authenticated (Subscriber+) Local File Inclusion vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Advanced Database Cleaner – Premium versions <= 4.1.0...
WordPress GSheet For Woo Importer plugin <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Reset vulnerability
Missing Authorization to Authenticated (Subscriber+) Plugin Settings Reset vulnerability discovered by Legion Hunter in WordPress Plugin GSheet For Woo Importer versions <= 2.3.1...
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Evan NR in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions <= 1.8.8...
WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Joe Bruno, Principal Security Engineer @ Monarx in WordPress Plugin Gift Cards For WooCommerce Pro versions <= 4.2.6...
NPM: Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows
NPM: Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
NPM: Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Override Password Hash and Bypass Password Change Verification
NPM: Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Override Password Hash and Bypass Password Change Verification vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
NPM: Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage
NPM: Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
WordPress WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons plugin <= 1.0.8 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability
Authenticated (Editor+) Stored Cross-Site Scripting vulnerability discovered by BaroHaf - fpt in WordPress Plugin WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons versions <= 1.0.8...
WordPress HT Contact Form 7 plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by daroo in WordPress Plugin HT Contact Form 7 versions <= 2.8.2...
WordPress Broadstreet plugin <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure vulnerability
Authenticated (Subscriber+) Private Post Meta Disclosure vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Broadstreet Ads versions <= 1.52.2...
WordPress YITH WooCommerce Product Add-Ons plugin <= 4.29.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin YITH WooCommerce Product Add-Ons versions <= 4.29.0...
WordPress Visualizer plugin < 4.0.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Doan Dinh Van in WordPress Plugin Visualizer versions < 4.0.0...
WordPress PowerPress Podcasting plugin <= 11.15.10 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Phat RiO in WordPress Plugin PowerPress Podcasting versions <= 11.15.10...
WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin WpBookingly versions <= 1.2.9...
WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Que Thanh Tuan in WordPress Plugin Image Photo Gallery Final Tiles Grid versions <= 3.6.11...
WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 5.5.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nguyen Tran Tuan Dung domiee13 in WordPress Plugin PDF for Elementor Forms + Drag And Drop Template Builder versions <= 5.5.1...
WordPress Slider Revolution plugin <= 7.0.9 - Unauthenticated Sensitive Information Exposure vulnerability
Unauthenticated Sensitive Information Exposure vulnerability discovered by Nos1x0 in WordPress Plugin Slider Revolution versions <= 7.0.9...
NPM: CamoFox MCP: Unauthenticated HTTP MCP browser-control surface
NPM: CamoFox MCP: Unauthenticated HTTP MCP browser-control surface vulnerability discovered by ? in WordPress Npm camofox-mcp versions 1.13.2...
NPM: SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl
NPM: SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl vulnerability discovered by ? in WordPress Npm sillytavern versions = 1.17.0...
NPM: Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning
NPM: Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning vulnerability discovered by ? in WordPress Npm nuxt versions = 3.1.0, = 3.21.5...
NPM: Turbo: Login callback CSRF/session fixation
NPM: Turbo: Login callback CSRF/session fixation vulnerability discovered by ? in WordPress Npm turbo versions = 2.9.13...
NPM: Turbo: Unexpected local code execution during Yarn Berry detection
NPM: Turbo: Unexpected local code execution during Yarn Berry detection vulnerability discovered by ? in WordPress Npm turbo versions = 1.1.0, 2.9.14...
NPM: 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
NPM: 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes vulnerability discovered by ? in WordPress Npm 9router versions = 0.4.30, 0.4.37...
WordPress Anomify AI – Anomaly Detection and Alerting plugin <= 0.3.6 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Anomify AI – Anomaly Detection and Alerting versions <= 0.3.6...
WordPress Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion vulnerability
Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion vulnerability discovered by Bao Luu Gia Nguyen in WordPress Plugin NextGEN Gallery versions <= 4.2.0...
NPM: Budibase: Unrestricted Upload of File with Dangerous Type
NPM: Budibase: Unrestricted Upload of File with Dangerous Type vulnerability discovered by ? in WordPress Npm budibase versions 3.38.2...
NPM: protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion
NPM: protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.5.7...
NPM: n8n: Credential exfiltration via Allowed HTTP Request Domains Bypass
NPM: n8n: Credential exfiltration via Allowed HTTP Request Domains Bypass vulnerability discovered by ? in WordPress Npm n8n versions 2.20.0...
NPM: n8n: Legacy ExecuteWorkflow Node Bypassed File Path Restrictions
NPM: n8n: Legacy ExecuteWorkflow Node Bypassed File Path Restrictions vulnerability discovered by ? in WordPress Npm n8n versions 2.19.3...
NPM: Nuxt: Reflected XSS in `navigateTo()` external redirect
NPM: Nuxt: Reflected XSS in `navigateTo()` external redirect vulnerability discovered by ? in WordPress Npm nuxt versions = 3.4.3, = 3.21.5...
NPM: auth-fetch-mcp: SSRF and disk exfiltration via unvalidated auth_fetch and download_media URLs
NPM: auth-fetch-mcp: SSRF and disk exfiltration via unvalidated auth_fetch and download_media URLs vulnerability discovered by ? in WordPress Npm auth-fetch-mcp versions = 3.0.0...
WordPress WP Activity Log plugin <= 5.6.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by daroo in WordPress Plugin WP Activity Log versions <= 5.6.3...
WordPress All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin <= 4.9.7 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability
Authenticated (Contributor+) Sensitive Information Exposure vulnerability discovered by 0x61626390 in WordPress Plugin All In One SEO Pack versions <= 4.9.7...