46571 matches found
WordPress Booking and Rental Manager plugin <= 2.7.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Averon Averenkov in WordPress Plugin Booking and Rental Manager versions = 2.7.1...
WordPress TemplateSpare plugin <= 4.2.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin TemplateSpare versions = 4.2.0...
WordPress Gmail SMTP plugin <= 1.2.3.19 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Gmail SMTP versions = 1.2.3.19...
WordPress Affiliates Manager plugin <= 2.9.49 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Affiliates Manager versions = 2.9.49...
WordPress Hester Core plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Hester Core versions = 1.1.8...
WordPress Child theme Wizard plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Child Theme Wizard versions = 1.4...
WordPress WP Job Portal plugin <= 2.5.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by hhhai in WordPress Plugin WP Job Portal versions = 2.5.2...
WordPress JS Help Desk plugin <= 3.1.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by William Matos in WordPress Plugin JS Help Desk versions = 3.1.0...
WordPress Magazine Blocks plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Magazine Blocks versions = 1.8.3...
WordPress Ghost Kit plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Ghost Kit versions = 3.6.0...
WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin <= 1.6.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by endy in WordPress Plugin Panorama Viewer – 360 Degree Image + Video Viewer versions = 1.6.1...
WordPress Shoppable Images Lite plugin <= 1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Shoppable Images Lite versions = 1.3...
WordPress Nelio Content plugin <= 4.3.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Averon Averenkov in WordPress Plugin Nelio Content versions = 4.3.4...
WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Prodigysec in WordPress Plugin Newsletters versions = 4.13...
WordPress Restaurant Menu by MotoPress plugin <= 2.4.10 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Baikuya in WordPress Plugin Restaurant Menu by MotoPress versions = 2.4.10...
WordPress Majestic Support plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by William Matos in WordPress Plugin Majestic Support versions = 1.1.7...
WordPress Groundhogg — CRM, Newsletters, and Marketing Automation plugin <= 4.5.5 - Authenticated (Sales Rep+) SQL Injection vulnerability
Authenticated Sales Rep+ SQL Injection vulnerability discovered by ? in WordPress Plugin Groundhogg versions = 4.5.5...
WordPress CodePeople Post Map for Google Maps plugin <= 1.2.6 - Authenticated (Contributor +) Stored Cross-Site Scripting vulnerability
Authenticated Contributor + Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Google Maps CP versions = 1.2.6...
WordPress Ivory Search – WordPress Search Plugin plugin <= 5.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Meher Sudhakar Abbireddi in WordPress Plugin Ivory Search versions = 5.5.15...
WordPress HD Quiz plugin 2.2.0-2.2.1 - 2.2.1 - Cross-Site Request Forgery vulnerability
WordPress HD Quiz plugin 2.2.0-2.2.1 - 2.2.1 - Cross-Site Request Forgery vulnerability discovered by PRISM in WordPress Plugin HD Quiz versions 2.2.0-2.2.1...
WordPress FunnelKit Payment Gateway for Stripe WooCommerce plugin <= 1.14.0.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by ParkHyunWoo in WordPress Plugin FunnelKit Payment Gateway for Stripe WooCommerce versions = 1.14.0.3...
WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.19.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Vimalatithyan S. Technieum in WordPress Plugin Email Marketing for WooCommerce by Omnisend versions = 1.19.0...
WordPress WCBoost – Products Compare plugin <= 1.1.0 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WCBoost Products Compare versions = 1.1.0...
WordPress PPWP plugin <= 1.9.19 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin PPWP versions = 1.9.19...
WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin wpForo Forum versions = 3.0.9...
WordPress Abandoned Cart Lite for WooCommerce plugin <= 6.8.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Abandoned Cart Lite for WooCommerce versions = 6.8.0...
WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Real Estate 7 versions = 3.5.9...
WordPress Gallery plugin <= 4.7.8 - SQL Injection vulnerability
SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin Gallery versions = 4.7.8...
WordPress MasterStudy LMS plugin <= 3.7.30 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by lagi bljr in WordPress Plugin MasterStudy LMS versions = 3.7.30...
WordPress WP Post Author plugin <= 3.9.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by hhhai in WordPress Plugin WP Post Author versions = 3.9.1...
WordPress Fluent Booking plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Tarcísio LuchesiPoystick in WordPress Plugin Fluent Booking versions = 2.1.0...
WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Austin Ginder in WordPress Plugin Blocksy Companion Pro versions = 2.1.46...
WordPress Popup box plugin <= 6.0.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Doan Dinh Van in WordPress Plugin Popup box versions = 6.0.1...
WordPress StatCounter plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin StatCounter versions = 2.1.1...
WordPress WP All Import plugin <= 4.0.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WP All Import versions = 4.0.1...
WordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Kirki versions = 6.0.11...
WordPress Exclusive Addons Elementor plugin <= 2.7.9.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Exclusive Addons Elementor versions = 2.7.9.8...
WordPress NanoMag theme <= 1.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme NanoMag versions = 1.8...
WordPress GIFT4U plugin <= 1.0.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ali Osman ERBAS 0110m4n in WordPress Plugin GIFT4U versions = 1.0.10...
WordPress Flash & HTML5 Video plugin <= 2.11.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Flash & HTML5 Video versions = 2.11.0...
WordPress weMail plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin weMail versions = 2.1.2...
WordPress MapSVG plugin <= 8.6.4 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin MapSVG versions = 8.6.4...
WordPress H5P plugin <= 1.17.7 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin H5P versions = 1.17.7...
WordPress Site Reviews plugin <= 8.0.11 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Site Reviews versions = 8.0.11...
WordPress Simply Schedule Appointments plugin <= 1.6.12.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by vnth4nhnt in WordPress Plugin Simply Schedule Appointments versions = 1.6.12.2...
WordPress GetGenie plugin <= 4.4.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Fraudless in WordPress Plugin GetGenie versions = 4.4.2...
WordPress SureCart plugin <= 4.3.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin SureCart versions = 4.3.2...
WordPress Blocksy Companion Pro plugin <= 2.1.45 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by daroo in WordPress Plugin Blocksy Companion Pro versions = 2.1.45...
WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.2.0 - Missing Authorization to Unauthenticated Payment Bypass vulnerability
Missing Authorization to Unauthenticated Payment Bypass vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin User Registration versions = 5.2.0...
WordPress Groundhogg — CRM, Newsletters, and Marketing Automation plugin <= 4.5.5 - Authenticated (Marketer+) SQL Injection vulnerability
Authenticated Marketer+ SQL Injection vulnerability discovered by ? in WordPress Plugin Groundhogg versions = 4.5.5...