45950 matches found
WordPress Product Pricing Table by WooBeWoo plugin <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion vulnerability
Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Product Pricing Table by WooBeWoo versions <= 1.1.0...
WordPress WP Docs plugin <= 2.2.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'wpdocs_options[icon_size]' vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via 'wpdocs_options[icon_size]' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Docs versions <= 2.2.9...
WordPress Form Maker by 10Web plugin <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box vulnerability
Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Form Maker by 10Web versions <= 1.15.40...
WordPress Riaxe Product Customizer plugin <= 2.1.2 - Unauthenticated SQL Injection via 'options' Parameter Keys in product_data vulnerability
Unauthenticated SQL Injection via 'options' Parameter Keys in product_data vulnerability discovered by Kai Aizen in WordPress Plugin Riaxe Product Customizer versions <= 2.1.2...
WordPress Accessibility Suite by Ability, Inc plugin <= 4.20 - Authenticated (Subscriber+) SQL Injection via 'scan_id' Parameter vulnerability
Authenticated (Subscriber+) SQL Injection via 'scan_id' Parameter vulnerability discovered by Victor Pasman in WordPress Plugin Accessibility Suite versions <= 4.20...
WordPress AcyMailing plugin 9.11.0 - 10.8.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability
WordPress AcyMailing plugin 9.11.0 - 10.8.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by Ren Voza in WordPress Plugin AcyMailing SMTP Newsletter versions 9.11.0-10.8.1...
WordPress Riaxe Product Customizer plugin <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Options Update to Privilege Escalation via 'install-imprint' AJAX Action vulnerability
Missing Authorization to Unauthenticated Arbitrary Options Update to Privilege Escalation via 'install-imprint' AJAX Action vulnerability discovered by Kai Aizen in WordPress Plugin Riaxe Product Customizer versions <= 2.1.2...
WordPress Career Section plugin <= 1.6 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by Ivan Cese in WordPress Plugin Career Section versions <= 1.6...
WordPress Payment Gateway for Redsys & WooCommerce Lite plugin <= 7.0.0 - Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation vulnerability
Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Redsys for WooCommerce Light versions <= 7.0.0...
WordPress Barcode Scanner (+Mobile App) plugin <= 1.11.0 - Unauthenticated Privilege Escalation via Insecure Token Authentication vulnerability
Unauthenticated Privilege Escalation via Insecure Token Authentication vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Barcode Scanner with Inventory & Order Manager versions <= 1.11.0...
WordPress Post Grid Gutenberg Blocks for News, Magazines, Blog Websites - PostX plugin <= 5.0.5 - Missing Authorization to Limited Post Meta Modification vulnerability
WordPress Post Grid Gutenberg Blocks for News, Magazines, Blog Websites - PostX plugin <= 5.0.5 - Missing Authorization to Limited Post Meta Modification vulnerability discovered by Mohammad Amin Hajian mamadrce in WordPress Plugin PostX versions <= 5.0.5...
WordPress BetterDocs plugin <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BetterDocs versions <= 4.3.8...
WordPress Email Encoder - Protect Email Addresses and Phone Numbers plugin <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via eeb_mailto Shortcode vulnerability
WordPress Email Encoder - Protect Email Addresses and Phone Numbers plugin <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via eeb_mailto Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Email Encoder Bundle versions <= 2.4.4...
WordPress MyRewards plugin <= 5.7.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Muhan Luo in WordPress Plugin MyRewards versions <= 5.7.3...
WordPress Livemesh Addons by Elementor plugin <= 9.0 - Authenticated (Contributor+) Local File Inclusion via Widget Template Parameter vulnerability
Authenticated (Contributor+) Local File Inclusion via Widget Template Parameter vulnerability discovered by Webbernaut in WordPress Plugin Livemesh Addons for Elementor versions <= 9.0...
WordPress WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin <= 4.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'put_wpgm' Shortcode vulnerability
WordPress WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin <= 4.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'put_wpgm' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Maps versions <= 4.8.7...
WordPress OPEN-BRAIN plugin <= 0.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin OPEN-BRAIN versions <= 0.5.0...
WordPress Basic Google Maps Placemarks plugin <= 1.10.7 - Missing Authorization to Unauthenticated Default Map Coordinate Update vulnerability
Missing Authorization to Unauthenticated Default Map Coordinate Update vulnerability discovered by Chawabhon Netisingha JNX03 in WordPress Plugin Basic Google Maps Placemarks versions <= 1.10.7...
WordPress Custom New User Notification plugin <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'User Mail Subject' Setting vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'User Mail Subject' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Custom New User Notification versions <= 1.2.0...
WordPress Riaxe Product Customizer plugin <= 2.1.2 - Unauthenticated Arbitrary User Deletion via 'user_id' Parameter vulnerability
Unauthenticated Arbitrary User Deletion via 'user_id' Parameter vulnerability discovered by Kai Aizen in WordPress Plugin Riaxe Product Customizer versions <= 2.1.2...
WordPress Vantage plugin <= 1.20.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Block Text Content vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Block Text Content vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Theme Vantage versions <= 1.20.32...
WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin <= 7.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_box Shortcode vulnerability
WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin <= 7.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_box Shortcode vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shortcodes Ultimate versions <= 7.4.9...
WordPress WP YouTube Lyte plugin <= 1.7.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via lyte Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via lyte Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP YouTube Lyte versions <= 1.7.29...
WordPress ProfilePress plugin <= 4.16.12 - Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan Subscription vulnerability
Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan Subscription vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin ProfilePress versions <= 4.16.12...
WordPress WCFM Marketplace plugin <= 3.7.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin WCFM Marketplace versions <= 3.7.1...
WordPress Accept Cryptocurrencies with Plisio plugin <= 2.0.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by AXIS in WordPress Plugin Accept Cryptocurrencies with Plisio versions <= 2.0.6...
WordPress Mini Ajax Cart for WooCommerce plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Ali Osman ERBAS 0110m4n in WordPress Plugin Mini Ajax Cart for WooCommerce versions <= 1.3.4...
WordPress YouTube Showcase plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin YouTube Showcase versions <= 3.5.1...
WordPress Smart Online Order for Clover plugin <= 1.6.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Mika in WordPress Plugin Smart Online Order for Clover versions <= 1.6.0...
WordPress Userpro plugin < 5.1.11 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Userpro versions < 5.1.11...
WordPress FluentBoards plugin <= 1.91.2 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Jakub Herman in WordPress Plugin FluentBoards versions <= 1.91.2...
WordPress Quick Interest Slider plugin <= 3.1.5 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Chawabhon Netisingha JNX03 in WordPress Plugin Quick Interest Slider versions <= 3.1.5...
WordPress Visa Acceptance Solutions plugin <= 2.1.0 - Unauthenticated Authentication Bypass via Billing Email vulnerability
Unauthenticated Authentication Bypass via Billing Email vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Visa Acceptance Solutions versions <= 2.1.0...
WordPress Accessibly plugin <= 3.0.3 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API vulnerability
Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API vulnerability discovered by WordFence in WordPress Plugin Accessibly WordPress Website Accessibility versions <= 3.0.3...
WordPress Age Verification & Identity Verification by Token of Trust plugin <= 3.32.3 - Unauthenticated Stored Cross-Site Scripting via 'description' Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via 'description' Parameter vulnerability discovered by Teerachai Somprasong in WordPress Plugin Age Verification & Identity Verification by Token of Trust versions <= 3.32.3...
WordPress Eleganzo plugin <= 1.2 - Authenticated (Subscriber+) Arbitrary Directory Deletion vulnerability
Authenticated (Subscriber+) Arbitrary Directory Deletion vulnerability discovered by Phat RiO in WordPress Theme Eleganzo versions <= 1.2...
WordPress Login as User plugin <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation via 'oclaup_original_admin' Cookie vulnerability
Authenticated (Subscriber+) Privilege Escalation via 'oclaup_original_admin' Cookie vulnerability discovered by BaroHaf - fpt in WordPress Plugin Login as User versions <= 1.0.1...
WordPress WebStack plugin <= 1.2024 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Theme WebStack versions <= 1.2024...
WordPress MetForm Pro plugin <= 3.9.7 - Unauthenticated Payment Amount Manipulation via 'mf-calculation' vulnerability
Unauthenticated Payment Amount Manipulation via 'mf-calculation' vulnerability discovered by andrea bocchetti in WordPress Plugin MetForm Pro versions <= 3.9.7...
WordPress Coachific Shortcode plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'userhash' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'userhash' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Coachific Shortcode versions <= 1.0...
WordPress WP Circliful plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin WP Circliful versions <= 1.2...
WordPress WM JqMath plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'style' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin WM JqMath versions <= 1.3...
WordPress Katalogportal-pdf-sync Widget plugin <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via 'katalogportal_shortcodePrinter' AJAX Action vulnerability
Missing Authorization to Authenticated (Subscriber+) Information Disclosure via 'katalogportal_shortcodePrinter' AJAX Action vulnerability discovered by Poli - CMC Global in WordPress Plugin Katalogportal-pdf-sync Widget versions <= 1.0.0...
WordPress OPEN-BRAIN plugin <= 0.5.0 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin OPEN-BRAIN versions <= 0.5.0...
WordPress Petje.af plugin <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action vulnerability
Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action vulnerability discovered by theviper17y in WordPress Plugin Petje.af versions <= 2.1.8...
WordPress e-shot plugin <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAX vulnerability
Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAX vulnerability discovered by Poli - CMC Global in WordPress Plugin e-shot versions <= 1.0.2...
WordPress Power Charts plugin <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Power Charts versions <= 0.1.0...
WordPress VI: Include Post By plugin <= 0.4.200706 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class_container' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'class_container' Shortcode Attribute vulnerability discovered by MAJidox in WordPress Plugin VI: Include Post By versions <= 0.4.200706...
WordPress Advanced Custom Fields (ACF®) plugin <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters vulnerability
Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters vulnerability discovered by Fernando Mecozzi in WordPress Plugin Advanced Custom Fields versions <= 6.7.0...
WordPress Avada (Fusion) Builder plugin <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference vulnerability
Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference vulnerability discovered by Webbernaut in WordPress Plugin Fusion Builder versions <= 3.15.1...