WordPress Optimole plugin <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Optimole versions <= 4.2.2...
WordPress Optimole plugin <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL vulnerability
Reflected Cross-Site Scripting via Page Profiler URL vulnerability discovered by WordFence in WordPress Plugin Optimole versions <= 4.2.3...
WordPress YML for Yandex Market plugin < 5.0.26 - Shop Manager+ RCE via Feed Generation vulnerability
Shop Manager+ RCE via Feed Generation vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin YML for Yandex Market versions < 5.0.26...
WordPress Gravity SMTP plugin <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Uninstall vulnerability
Missing Authorization to Authenticated (Subscriber+) Plugin Uninstall vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Gravity SMTP versions <= 2.1.4...
WordPress Webling plugin <= 3.9.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'title' Parameter vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via 'title' Parameter vulnerability discovered by Kate Kligman in WordPress Plugin Webling versions <= 3.9.0...
WordPress Customer Reviews for WooCommerce plugin <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter vulnerability
Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter vulnerability discovered by kai63001 in WordPress Plugin Customer Reviews for WooCommerce versions <= 5.103.0...
WordPress Royal WordPress Backup & Restore Plugin plugin <= 1.0.16 - Reflected Cross-Site Scripting via 'wpr_pending_template' Parameter vulnerability
Reflected Cross-Site Scripting via 'wpr_pending_template' Parameter vulnerability discovered by Abi Wiranata in WordPress Plugin Royal WordPress Backup, Restore & Migration versions <= 1.0.16...
WordPress UsersWP plugin <= 1.2.60 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User Badge Link Substitution vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via User Badge Link Substitution vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin UsersWP versions <= 1.2.60...
WordPress ActivityPub Routing plugin < 8.0.2 - Unauthenticated Drafts/Scheduled/Pending Posts Disclosure vulnerability
Unauthenticated Drafts/Scheduled/Pending Posts Disclosure vulnerability discovered by ryuk kos0ng in WordPress Plugin ActivityPub versions < 8.0.2...
WordPress wpForo Forum plugin <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter vulnerability
Authenticated (Subscriber+) Arbitrary File Deletion via 'data[body][fileurl]' Parameter vulnerability discovered by Leonid Semenenko lsemenenko in WordPress Plugin wpForo Forum versions <= 3.0.2...
WordPress WCAPF - WooCommerce Ajax Product Filter plugin <= 4.2.3 - Unauthenticated Time-Based SQL Injection vulnerability
WordPress WCAPF - WooCommerce Ajax Product Filter plugin <= 4.2.3 - Unauthenticated Time-Based SQL Injection vulnerability discovered by Youssef Elouaer in WordPress Plugin WCAPF – WooCommerce Ajax Product Filter versions <= 4.2.3...
WordPress BuddyPress Groupblog plugin <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR vulnerability
Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin BuddyPress Groupblog versions <= 1.9.3...
WordPress LifterLMS plugin <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter vulnerability
Authenticated (Custom+) SQL Injection via 'order' Parameter vulnerability discovered by momopon1415 in WordPress Plugin LifterLMS versions <= 9.2.1...
WordPress UsersWP plugin <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter vulnerability
Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter vulnerability discovered by s00me00ne in WordPress Plugin UsersWP versions <= 1.2.58...
WordPress BlockArt Blocks plugin <= 2.2.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'clientId' Block Attribute vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via 'clientId' Block Attribute vulnerability discovered by WordFence in WordPress Plugin BlockArt Blocks versions <= 2.2.15...
WordPress Tutor LMS plugin <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification vulnerability
Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification vulnerability discovered by Hunter Jensen skid in WordPress Plugin Tutor LMS versions <= 3.9.7...
WordPress Greenshift plugin <= 12.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Greenshift versions <= 12.8.9...
WordPress Tutor LMS plugin <= 3.9.7 - Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment vulnerability
Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment vulnerability discovered by Mohammad Amin Hajian mamadrce in WordPress Plugin Tutor LMS versions <= 3.9.7...
WordPress YITH WooCommerce Wishlist plugin < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR vulnerability
Unauthenticated Arbitrary Wishlist Renaming via IDOR vulnerability discovered by Chiao-Lin Yu Steven Meow in WordPress Plugin YITH WooCommerce Wishlist versions < 4.13.0...
WordPress Tutor LMS plugin <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter vulnerability
Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions <= 3.9.7...
WordPress Perfmatters plugin <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter vulnerability
Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter vulnerability discovered by hoshino in WordPress Plugin Perfmatters versions <= 2.5.9...
WordPress MW WP Form plugin <= 5.1.1 - Unauthenticated Arbitrary File Move via regenerate_upload_file_keys vulnerability
Unauthenticated Arbitrary File Move via regenerate_upload_file_keys vulnerability discovered by Sander Horsman - Conda Security in WordPress Plugin MW WP Form versions <= 5.1.1...
WordPress User Registration & Membership plugin <= 5.1.2 - Authenticated (Subscriber+) SQL Injection via membership_ids[] vulnerability
Authenticated (Subscriber+) SQL Injection via membership_ids[] vulnerability discovered by WordFence in WordPress Plugin User Registration versions <= 5.1.2...
WordPress Advanced Members for ACF plugin <= 1.2.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Path Traversal vulnerability
Authenticated (Subscriber+) Arbitrary File Deletion via Path Traversal vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Advanced Members for ACF versions <= 1.2.5...
WordPress Quick Playground plugin <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload vulnerability
Missing Authorization to Unauthenticated Arbitrary File Upload vulnerability discovered by WordFence in WordPress Plugin Quick Playground versions <= 1.3.1...
WordPress ProSolution WP Client plugin <= 1.9.9 - Unauthenticated Arbitrary File Upload via proSol_fileUploadProcess vulnerability
Unauthenticated Arbitrary File Upload via proSol_fileUploadProcess vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin ProSolution WP Client versions <= 1.9.9...
WordPress AddFunc Head & Footer Code plugin <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin AddFunc Head & Footer Code versions <= 2.3...
WordPress Aruba HiSpeed Cache plugin <= 3.0.4 - Cross-Site Request Forgery to Plugin Settings Reset vulnerability
Cross-Site Request Forgery to Plugin Settings Reset vulnerability discovered by Legion Hunter in WordPress Plugin Aruba HiSpeed Cache versions <= 3.0.4...
WordPress UsersWP plugin <= 1.2.58 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter vulnerability
Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter vulnerability discovered by nquangit - Techlab Corporation in WordPress Plugin UsersWP versions <= 1.2.58...
WordPress Download Manager plugin <= 3.3.51 - Missing Authorization to Authenticated (Contributor+) Media File Protection Removal vulnerability
Missing Authorization to Authenticated (Contributor+) Media File Protection Removal vulnerability discovered by Or Benit - MadSec in WordPress Plugin Download Manager versions <= 3.3.51...
WordPress WP-Optimize plugin <= 4.5.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update and Image Manipulation vulnerability
Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update and Image Manipulation vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WP-Optimize versions <= 4.5.0...
WordPress Online Scheduling and Appointment Booking System - Bookly plugin <= 27.0 - Unauthenticated Price Manipulation via 'tips' vulnerability
WordPress Online Scheduling and Appointment Booking System - Bookly plugin <= 27.0 - Unauthenticated Price Manipulation via 'tips' vulnerability discovered by Youssef Elouaer in WordPress Plugin Bookly versions <= 27.0...
WordPress List category posts plugin <= 0.94.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'catlist' Shortcode vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via 'catlist' Shortcode vulnerability discovered by WordFence in WordPress Plugin List category posts versions <= 0.94.0...
WordPress Ultimate FAQ Accordion Plugin plugin <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via FAQ Content vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via FAQ Content vulnerability discovered by WordFence in WordPress Plugin Ultimate FAQ versions <= 2.4.7...
WordPress OSM plugin <= 6.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marker_name' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'marker_name' Shortcode Attribute vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin OSM versions <= 6.1.15...
WordPress MStore API plugin <= 4.18.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Meta Update vulnerability
Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Meta Update vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin MStore API versions <= 4.18.3...
WordPress Experto Dashboard for WooCommerce plugin <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Navigation Font Size' Setting vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'Navigation Font Size' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Experto Dashboard for WooCommerce versions <= 1.0.4...
WordPress Download Manager plugin <= 3.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zaim in WordPress Plugin Download Manager versions <= 3.3.52...
WordPress Ziggeo plugin <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via 'ziggeo_ajax' AJAX Action vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via 'ziggeo_ajax' AJAX Action vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Ziggeo versions <= 3.1.1...
WordPress Post Blocks & Tools plugin <= 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'sliderStyle' Block Attribute vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via 'sliderStyle' Block Attribute vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Magazine Companion versions <= 1.3.0...
WordPress Extensions for Leaflet Map plugin <= 4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'elevation-track' Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'elevation-track' Shortcode vulnerability discovered by zaim in WordPress Plugin Extensions for Leaflet Map versions <= 4.14...
WordPress Advanced CF7 DB plugin <= 2.0.9 - Cross-Site Request Forgery to Form Entry Deletion vulnerability
Cross-Site Request Forgery to Form Entry Deletion vulnerability discovered by Kai Aizen in WordPress Plugin Advanced Contact form 7 DB versions <= 2.0.9...
WordPress Advanced CF7 DB plugin <= 2.0.9 - Missing Authorization to Authenticated (Subscriber+) Form Submissions Excel Export vulnerability
Missing Authorization to Authenticated (Subscriber+) Form Submissions Excel Export vulnerability discovered by Kai Aizen in WordPress Plugin Advanced Contact form 7 DB versions <= 2.0.9...
WordPress Page Builder: Pagelayer plugin <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin PageLayer versions <= 2.0.8...
WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion vulnerability
WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin BEAR versions <= 1.1.5...
WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification vulnerability
WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin BEAR versions <= 1.1.5...
WordPress User Registration plugin <= 5.1.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by raihan adi arba in WordPress Plugin User Registration versions <= 5.1.5...
WordPress Beaver Builder Page Builder - Drag and Drop Website Builder plugin <= 2.10.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'settings[js]' vulnerability
WordPress Beaver Builder Page Builder - Drag and Drop Website Builder plugin <= 2.10.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'settings[js]' vulnerability discovered by WordFence in WordPress Plugin Beaver Builder versions <= 2.10.1.1...
WordPress PrivateContent Free plugin <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin PrivateContent Free versions <= 1.2.0...
WordPress Robo Gallery plugin <= 5.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'Loading Label' Setting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via 'Loading Label' Setting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Robo Gallery versions <= 5.1.3...