46662 matches found
WordPress Faces of Users plugin <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Faces of Users versions = 0.0.3...
WordPress Presto Player plugin <= 4.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Presto Player versions = 4.1.3...
WordPress Active Products Tables for WooCommerce plugin <= 1.0.8 - SQL Injection vulnerability
SQL Injection vulnerability discovered by endy in WordPress Plugin Active Products Tables for WooCommerce versions = 1.0.8...
WordPress wpForo Forum plugin <= 3.0.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Tiago Ventura @perses in WordPress Plugin wpForo Forum versions = 3.0.6...
NPM: ws: Uninitialized memory disclosure
NPM: ws: Uninitialized memory disclosure vulnerability discovered by ? in WordPress Npm ws versions = 8.0.0, 8.20.1...
NPM: Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows
NPM: Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows vulnerability discovered by ? in WordPress Npm budibase versions 3.38.1...
NPM: n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete
NPM: n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete vulnerability discovered by ? in WordPress Npm n8n-mcp versions = 2.51.1...
NPM: multiparty vulnerable to ReDoS via filename parsing
NPM: multiparty vulnerable to ReDoS via filename parsing vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...
NPM: multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing
NPM: multiparty vulnerable to Denial of Service via Uncaught Exception in filename parameter parsing vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...
NPM: multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception
NPM: multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...
NPM: dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport
NPM: dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport vulnerability discovered by ? in WordPress Npm dynoxide versions = 0.9.3, 0.9.13...
NPM: parse-nested-form-data has Prototype Pollution via `__proto__` in FormData field names
NPM: parse-nested-form-data has Prototype Pollution via proto in FormData field names vulnerability discovered by ? in WordPress Npm parse-nested-form-data versions = 1.0.0...
NPM: brace-expansion: Large numeric range defeats documented `max` DoS protection
NPM: brace-expansion: Large numeric range defeats documented max DoS protection vulnerability discovered by ? in WordPress Npm brace-expansion versions = 5.0.0, 5.0.6...
NPM: Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass
NPM: Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass vulnerability discovered by ? in WordPress Npm neotoma versions = 0.6.0, 0.11.1...
NPM: webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
NPM: webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins vulnerability discovered by ? in WordPress Npm webpack-dev-server versions = 5.2.3...
NPM: form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys
NPM: form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys vulnerability discovered by ? in WordPress Npm form-data-objectizer versions = 1.0.0...
NPM: n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters
NPM: n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters vulnerability discovered by ? in WordPress Npm n8n-mcp versions 2.51.3...
WordPress e2pdf plugin <= 1.32.14 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin e2pdf versions = 1.32.14...
WordPress AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin 3.4.9-3.4.9 - Authenticated (Subscriber+) Privilege Escalation vulnerability
Authenticated Subscriber+ Privilege Escalation vulnerability discovered by daroo in WordPress Plugin AI Engine versions 3.4.9-3.4.9...
WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Contest Gallery Pro versions = 29.0.1...
WordPress Classified Listing plugin <= 5.3.8 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by thevietronin in WordPress Plugin Classified Listing versions = 5.3.8...
WordPress GiveWP plugin <= 4.14.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by thevietronin in WordPress Plugin GiveWP versions = 4.14.5...
WordPress WP Document Revisions plugin <= 3.8.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin WP Document Revisions versions = 3.8.1...
WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by thevietronin in WordPress Plugin myCred versions = 3.0.4...
NPM: Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation
NPM: Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation vulnerability discovered by ? in WordPress Npm better-auth versions 1.4.17...
NPM: Better Auth: OAuth callback accepts mismatched `state` when cookie-backed state storage is used without PKCE
NPM: Better Auth: OAuth callback accepts mismatched state when cookie-backed state storage is used without PKCE vulnerability discovered by ? in WordPress Npm better-auth versions 1.6.2...
WordPress Hydra Booking plugin <= 1.1.41 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by raihan adi arba in WordPress Plugin Hydra Booking versions = 1.1.41...
WordPress Essential Chat Support plugin <= 1.0.1 - Missing Authorization to Unauthenticated Settings Reset vulnerability
Missing Authorization to Unauthenticated Settings Reset vulnerability discovered by Legion Hunter in WordPress Plugin Essential Chat Support versions = 1.0.1...
WordPress Smart Coupons for WooCommerce plugin < 2.3.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by hhhai in WordPress Plugin Smart Coupons for WooCommerce versions 2.3.0...
WordPress Advanced Custom Fields: Font Awesome Field plugin <= 5.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Nguyen Cong Quang in WordPress Plugin Advanced Custom Fields: Font Awesome Field versions = 5.0.2...
WordPress Smartcat Translator for WPML plugin <= 3.1.77 - Missing Authorization to Unauthenticated Plugin Settings Update vulnerability
Missing Authorization to Unauthenticated Plugin Settings Update vulnerability discovered by Alexis Lafontaine in WordPress Plugin Smartcat Translator for WPML versions = 3.1.77...
WordPress Frontend Admin by DynamiApps plugin <= 3.28.36 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Colin Xu in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.36...
WordPress Quick Playground plugin <= 1.3.3 - Unauthenticated Path Traversal to Arbitrary File Read vulnerability
Unauthenticated Path Traversal to Arbitrary File Read vulnerability discovered by ? in WordPress Plugin Quick Playground versions = 1.3.3...
WordPress Receive Notifications After Form Submitting – Form Notify for Any Forms plugin <= 1.1.10 - Unauthenticated Authentication Bypass vulnerability
Unauthenticated Authentication Bypass vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Receive Notifications After Form Submitting – Form Notify for Any Forms versions = 1.1.10...
WordPress Multicollab: Content Team Collaboration and Editorial Workflow plugin <= 5.2 - Missing Authorization to Authenticated (Subscriber+) Collaboration Comment vulnerability
Missing Authorization to Authenticated Subscriber+ Collaboration Comment vulnerability discovered by Jigar Bhanushali Jigar787 - https://jigarbhanushali.com/ in WordPress Plugin Multicollab – Google Doc-Style Editorial Commenting for WordPress versions = 5.2...
NPM: vm2 Has a Sandbox Breakout Using Async Generator
NPM: vm2 Has a Sandbox Breakout Using Async Generator vulnerability discovered by ? in WordPress Npm vm2 versions = 3.11.2...
NPM: Svelte: SSR XSS via Insecure Promise Serialization in hydratable
NPM: Svelte: SSR XSS via Insecure Promise Serialization in hydratable vulnerability discovered by ? in WordPress Npm svelte versions = 5.46.0, = 5.55.6...
NPM: electerm's encrypt method not safe enough
NPM: electerm's encrypt method not safe enough vulnerability discovered by ? in WordPress Npm electerm versions 3.9.5...
NPM: Electerm Local code through electerm's single-instance socket
NPM: Electerm Local code through electerm's single-instance socket vulnerability discovered by ? in WordPress Npm electerm versions = 3.0.6, = 3.8.8...
NPM: DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval
NPM: DeepSeek TUI: runtests Tool Enables RCE via Malicious Repository Without Approval vulnerability discovered by ? in WordPress Npm deepseek-tui versions = 0.3.0, 0.8.23...
NPM: DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetch_url Tool
NPM: DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetchurl Tool vulnerability discovered by ? in WordPress Npm deepseek-tui versions 0.8.22...
NPM: Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State
NPM: Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State vulnerability discovered by ? in WordPress Npm svelte versions = 5.55.6...
NPM: Svelte: ReDoS in `<svelte:element>` Tag Validation
NPM: Svelte: ReDoS in Tag Validation vulnerability discovered by ? in WordPress Npm svelte versions = 5.51.5, = 5.55.6...
NPM: Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order
NPM: Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order vulnerability discovered by ? in WordPress Npm open-webui versions = 0.7.2...
NPM: Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution
NPM: Open WebUI: Missing workspace.tools Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution vulnerability discovered by ? in WordPress Npm open-webui versions 0.9.5...
NPM: Svelte devalue: DoS via sparse array deserialization
NPM: Svelte devalue: DoS via sparse array deserialization vulnerability discovered by ? in WordPress Npm devalue versions = 5.6.3, = 5.8.0...
NPM: Open WebUI Has Stored Cross-Site Scripting in SVG Renderer
NPM: Open WebUI Has Stored Cross-Site Scripting in SVG Renderer vulnerability discovered by ? in WordPress Npm open-webui versions 0.6.31...
NPM: Svelte SSR vulnerable to cross-site scripting via spread attributes
NPM: Svelte SSR vulnerable to cross-site scripting via spread attributes vulnerability discovered by ? in WordPress Npm svelte versions = 5.55.6...
NPM: Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark
NPM: Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark vulnerability discovered by ? in WordPress Npm electerm versions = 3.8.8...
WordPress Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin <= 5.3.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Modification vulnerability discovered by momopon1415 in WordPress Plugin Classified Listing versions = 5.3.10...