45959 matches found
WordPress Filestack Official plugin <= 2.1.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Filestack Official versions = 2.1.0...
WordPress Post Affiliate Pro plugin <= 1.28.0 - Authenticated (Administrator+) Server-Side Request Forgery via 'Post Affiliate Pro URL' Field vulnerability
Authenticated Administrator+ Server-Side Request Forgery via 'Post Affiliate Pro URL' Field vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Post Affiliate Pro versions = 1.28.0...
WordPress Alfie - Feed Plugin plugin <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'naam' Parameter vulnerability
WordPress Alfie - Feed Plugin plugin = 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'naam' Parameter vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Alfie versions = 1.2.1...
WordPress WPFAQBlock- FAQ & Accordion Plugin For Gutenberg plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin WPFAQBlock versions = 1.1...
WordPress Vagaro Booking Widget plugin <= 0.3 - Unauthenticated Stored Cross-Site Scripting via 'vagaro_code' vulnerability
Unauthenticated Stored Cross-Site Scripting via 'vagarocode' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Vagaro Booking Widget versions = 0.3...
WordPress WP Posts Re-order plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WP Posts Re-order versions = 1.0...
WordPress Invelity Products Feeds plugin <= 1.2.6 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Invelity Product Feeds versions = 1.2.6...
WordPress itsukaita plugin <= 0.1.2 - Reflected Cross-Site Scripting via 'day_from' Parameter vulnerability
Reflected Cross-Site Scripting via 'dayfrom' Parameter vulnerability discovered by san6051 - PWC in WordPress Plugin itsukaita versions = 0.1.2...
WordPress Content Syndication Toolkit plugin <= 1.3 - Unauthenticated Server-Side Request Forgery via 'url' Parameter vulnerability
Unauthenticated Server-Side Request Forgery via 'url' Parameter vulnerability discovered by theviper17y in WordPress Plugin Content Syndication Toolkit versions = 1.3...
WordPress Performance Monitor plugin <= 1.0.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter vulnerability
Unauthenticated Server-Side Request Forgery via 'url' Parameter vulnerability discovered by Afshin Shekaari in WordPress Plugin Performance Monitor versions = 1.0.6...
WordPress Mandatory Field plugin <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Fields vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Settings Fields vulnerability discovered by 0x34rth in WordPress Plugin Mandatory Field versions = 1.6.8...
WordPress Multi Post Carousel by Category plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'slides' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'slides' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Multi Post Carousel by Category versions = 1.4...
WordPress Survey plugin <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by 0x34rth in WordPress Plugin Survey versions = 1.1...
WordPress Add Google Social Profiles to Knowledge Graph Box plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Add Google Social Profiles to Knowledge Graph Box versions = 1.0...
WordPress PQ Addons - Creative Elementor Widgets plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Attributes vulnerability
WordPress PQ Addons - Creative Elementor Widgets plugin = 1.0.0 - Authenticated Contributor+ Stored Cross-Site Scripting via Widget Attributes vulnerability discovered by WordFence in WordPress Plugin PQ Addons – Creative Elementor Widgets versions = 1.0.0...
WordPress Redirect countdown plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Redirect countdown versions = 1.0...
WordPress SR WP Minify HTML plugin <= 2.1 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin SR WP Minify HTML versions = 2.1...
WordPress Schema Shortcode plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Schema Shortcode versions = 1.0...
WordPress iVysilani Shortcode plugin <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'width' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin iVysilani Shortcode versions = 3.0...
WordPress Post Flagger plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'slug' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'slug' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Post Flagger versions = 1.1...
WordPress WP NG Weather plugin <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP NG Weather versions = 1.0.9...
WordPress Tour & Activity Operator Plugin for TourCMS plugin <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Tour & Activity Operator Plugin for TourCMS versions = 1.7.0...
WordPress Company Posts for LinkedIn plugin <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary LinkedIn Post Data Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary LinkedIn Post Data Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Company Posts for LinkedIn versions = 1.0.0...
WordPress Easy Image Gallery plugin <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery SHORTCODE Post Meta vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Gallery SHORTCODE Post Meta vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Easy Image Gallery versions = 1.5.3...
WordPress Weaver Show Posts plugin <= 1.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting vulnerability discovered by Muqsith Barru - TCC in WordPress Plugin Weaver Show Posts versions = 1.8.1...
WordPress Quentn WP plugin <= 1.2.12 - Unauthenticated SQL Injection via 'qntn_wp_access' Cookie vulnerability
Unauthenticated SQL Injection via 'qntnwpaccess' Cookie vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Quentn WP versions = 1.2.12...
WordPress Task Manager plugin <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Read vulnerability
Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by theviper17y in WordPress Plugin Task Manager versions = 3.0.2...
WordPress App Builder - Create Native Android & iOS Apps On The Flight plugin <= 5.5.10 - Unauthenticated Limited Privilege Escalation via 'role' Parameter vulnerability
WordPress App Builder - Create Native Android & iOS Apps On The Flight plugin = 5.5.10 - Unauthenticated Limited Privilege Escalation via 'role' Parameter vulnerability discovered by Gibran Abdillah in WordPress Plugin App Builder versions = 5.5.10...
WordPress MimeTypes Link Icons plugin <= 3.2.20 - Authenticated (Contributor+) Server-Side Request Forgery via Crafted Links in Post Content vulnerability
Authenticated Contributor+ Server-Side Request Forgery via Crafted Links in Post Content vulnerability discovered by Kai Aizen in WordPress Plugin MimeTypes Link Icons versions = 3.2.20...
WordPress myLinksDump plugin <= 1.6 - Authenticated (Administrator+) SQL Injection via 'sort_by' and 'sort_order' Parameters vulnerability
Authenticated Administrator+ SQL Injection via 'sortby' and 'sortorder' Parameters vulnerability discovered by san6051 - PWC in WordPress Plugin myLinksDump versions = 1.6...
WordPress Hr Press Lite plugin <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure vulnerability
Missing Authorization to Authenticated Subscriber+ Sensitive Employee Information Exposure vulnerability discovered by WordFence in WordPress Plugin Hr Press Lite versions = 1.0.2...
WordPress Review Map by RevuKangaroo plugin <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Review Map by RevuKangaroo versions = 1.7...
WordPress Fonts Manager | Custom Fonts plugin <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter vulnerability
Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Fonts Manager | Custom Fonts versions = 1.2...
WordPress Reward Video Ad for WordPress plugin <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Admin Settings vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Reward Video Ad for WordPress versions = 1.6...
WordPress Ed's Font Awesome plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zakaria in WordPress Plugin Ed's Font Awesome versions = 2.0...
WordPress Ed's Social Share plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zakaria in WordPress Plugin Ed's Social Share versions = 2.0...
WordPress Ricerca - advanced search plugin <= 1.1.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings vulnerability
WordPress Ricerca - advanced search plugin = 1.1.12 - Authenticated Administrator+ Stored Cross-Site Scripting via Plugin's Settings vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Ricerca – advanced search versions = 1.1.12...
WordPress Helpdesk Support Ticket System for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Helpdesk Support Ticket System for WooCommerce versions = 2.1.2...
WordPress ElementCamp plugin <= 2.3.6 - Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter vulnerability
Authenticated Author+ SQL Injection via 'metaquerycompare' Parameter vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin ElementCamp versions = 2.3.6...
WordPress Team plugin <= 5.0.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Team versions = 5.0.11...
WordPress CMS Commander plugin <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter vulnerability
Authenticated Custom+ SQL Injection via 'orblogname' Parameter vulnerability discovered by WordFence in WordPress Plugin CMS Commander versions = 2.288...
WordPress MinhNhut Link Gateway plugin <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by san6051 - PWC in WordPress Plugin MinhNhut Link Gateway versions = 3.6.1...
WordPress Comment SPAM Wiper plugin <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'API Key' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Comment SPAM Wiper versions = 1.2.1...
WordPress SimpLy Gallery plugin <= 3.3.2 - Arbitrary Code Execution vulnerability
Arbitrary Code Execution vulnerability discovered by mcdruid in WordPress Plugin SimpLy Gallery versions = 3.3.2...
WordPress Wikilookup plugin <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Popup Width' Setting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'Popup Width' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Wikilookup versions = 1.1.5...
WordPress Woody ad snippets plugin <= 2.7.1 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Woody ad snippets versions = 2.7.1...
WordPress Canto plugin <= 3.1.1 - Missing Authorization to Unauthenticated File Upload vulnerability
Missing Authorization to Unauthenticated File Upload vulnerability discovered by oddshacker in WordPress Plugin Canto versions = 3.1.1...
WordPress Multi Functional Flexi Lightbox plugin <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter vulnerability
Authenticated Admin+ Stored Cross-Site Scripting via 'message' Parameter vulnerability discovered by san6051 - PWC in WordPress Plugin Multi Functional Flexi Lightbox versions = 1.2...
WordPress Xhanch - My Advanced Settings plugin <= 1.1.2 - Cross-Site Request Forgery to Settings Update vulnerability
WordPress Xhanch - My Advanced Settings plugin = 1.1.2 - Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Xhanch – My Advanced Settings versions = 1.1.2...
WordPress Lobot Slider Administrator plugin <= 0.6.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Lobot Slider Administrator versions = 0.6.0...