46547 matches found
WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin wpForo Forum versions = 3.0.9...
WordPress Gallery plugin <= 4.7.8 - SQL Injection vulnerability
SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin Gallery versions = 4.7.8...
WordPress Abandoned Cart Lite for WooCommerce plugin <= 6.8.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Abandoned Cart Lite for WooCommerce versions = 6.8.0...
WordPress MasterStudy LMS plugin <= 3.7.30 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by lagi bljr in WordPress Plugin MasterStudy LMS versions = 3.7.30...
WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Real Estate 7 versions = 3.5.9...
WordPress WP Post Author plugin <= 3.9.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by hhhai in WordPress Plugin WP Post Author versions = 3.9.1...
WordPress Fluent Booking plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Tarcísio LuchesiPoystick in WordPress Plugin Fluent Booking versions = 2.1.0...
WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Austin Ginder in WordPress Plugin Blocksy Companion Pro versions = 2.1.46...
WordPress Popup box plugin <= 6.0.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Doan Dinh Van in WordPress Plugin Popup box versions = 6.0.1...
WordPress StatCounter plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin StatCounter versions = 2.1.1...
WordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Kirki versions = 6.0.11...
WordPress WP All Import plugin <= 4.0.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WP All Import versions = 4.0.1...
WordPress Exclusive Addons Elementor plugin <= 2.7.9.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Exclusive Addons Elementor versions = 2.7.9.8...
WordPress NanoMag theme <= 1.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme NanoMag versions = 1.8...
WordPress GIFT4U plugin <= 1.0.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ali Osman ERBAS 0110m4n in WordPress Plugin GIFT4U versions = 1.0.10...
WordPress Flash & HTML5 Video plugin <= 2.11.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Flash & HTML5 Video versions = 2.11.0...
WordPress weMail plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin weMail versions = 2.1.2...
WordPress MapSVG plugin <= 8.6.4 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin MapSVG versions = 8.6.4...
WordPress H5P plugin <= 1.17.7 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin H5P versions = 1.17.7...
WordPress Site Reviews plugin <= 8.0.11 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Site Reviews versions = 8.0.11...
WordPress Simply Schedule Appointments plugin <= 1.6.12.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by vnth4nhnt in WordPress Plugin Simply Schedule Appointments versions = 1.6.12.2...
WordPress GetGenie plugin <= 4.4.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Fraudless in WordPress Plugin GetGenie versions = 4.4.2...
WordPress SureCart plugin <= 4.3.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin SureCart versions = 4.3.2...
WordPress Blocksy Companion Pro plugin <= 2.1.45 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by daroo in WordPress Plugin Blocksy Companion Pro versions = 2.1.45...
WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.2.0 - Missing Authorization to Unauthenticated Payment Bypass vulnerability
Missing Authorization to Unauthenticated Payment Bypass vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin User Registration versions = 5.2.0...
WordPress Groundhogg — CRM, Newsletters, and Marketing Automation plugin <= 4.5.5 - Authenticated (Marketer+) SQL Injection vulnerability
Authenticated Marketer+ SQL Injection vulnerability discovered by ? in WordPress Plugin Groundhogg versions = 4.5.5...
NPM: neotoma has tenant isolation gap in relationship query endpoints
NPM: neotoma has tenant isolation gap in relationship query endpoints vulnerability discovered by ? in WordPress Npm neotoma versions = 0.13.0, 0.14.0...
NPM: i18next-fs-backend vulnerable to prototype pollution via crafted missing-key string
NPM: i18next-fs-backend vulnerable to prototype pollution via crafted missing-key string vulnerability discovered by ? in WordPress Npm i18next-fs-backend versions 2.6.6...
NPM: i18next-http-middleware: MissingKeyHandler does not reject keys whose segments contain prototype-polluting names
NPM: i18next-http-middleware: MissingKeyHandler does not reject keys whose segments contain prototype-polluting names vulnerability discovered by ? in WordPress Npm i18next-http-middleware versions 3.9.7...
WordPress OMGF Pro plugin <= 5.2.6 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by NETZLICHT in WordPress Plugin OMGF Pro versions = 5.2.6...
WordPress FOX plugin <= 1.4.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin FOX versions = 1.4.8...
WordPress Everest Forms plugin <= 3.4.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by bekitousei in WordPress Plugin Everest Forms versions = 3.4.8...
WordPress SureCart plugin <= 4.2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Psalms Christopher Matovu ByteOverride in WordPress Plugin SureCart versions = 4.2.2...
WordPress WoodMart theme <= 8.5.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Theme WoodMart versions = 8.5.3...
WordPress Advance Product Search plugin <= 1.4.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Mokksh Parekh in WordPress Plugin Advance Product Search versions = 1.4.4...
WordPress Toolset Forms plugin <= 2.6.24 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by VanTastic in WordPress Plugin Toolset Forms versions = 2.6.24...
WordPress JetEngine plugin <= 3.8.10.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Rafie Muhammad in WordPress Plugin JetEngine versions = 3.8.10.2...
WordPress JetSmartFilters plugin <= 3.8.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin JetSmartFilters versions = 3.8.3...
WordPress ShortPixel Adaptive Images plugin <= 3.11.4 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin ShortPixel Adaptive Images versions = 3.11.4...
WordPress Tourfic plugin <= 2.22.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by anhcd05 in WordPress Plugin Tourfic versions = 2.22.5...
WordPress MailChimp Block plugin <= 1.1.15 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Roll in WordPress Plugin MailChimp Block versions = 1.1.15...
WordPress Quotes llama plugin <= 3.1.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by ParkHyunWoo in WordPress Plugin Quotes llama versions = 3.1.5...
WordPress Subscriptions for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Subscriptions for WooCommerce versions = 1.9.5...
WordPress Groundhogg — CRM, Newsletters, and Marketing Automation plugin <= 4.5.4 - Authenticated (Custom+) SQL Injection vulnerability
Authenticated Custom+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Groundhogg versions = 4.5.4...
WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 7.1.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin Print Invoice & Delivery Notes for WooCommerce versions = 7.1.1...
WordPress Travel Booking theme <= 2.2.5 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Jamaal ahmed in WordPress Theme Travel Booking versions = 2.2.5...
WordPress Quform plugin <= 2.23.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by daroo in WordPress Plugin Quform versions = 2.23.0...
WordPress Uncanny Automator Pro plugin <= 7.3.0.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin Uncanny Automator Pro versions = 7.3.0.6...
WordPress RealHomes theme <= 4.5.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by daroo in WordPress Theme RealHomes versions = 4.5.3...
WordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin JS Help Desk versions = 3.1.1...