NPM: neotoma has tenant isolation gap in relationship query endpoints
NPM: neotoma has tenant isolation gap in relationship query endpoints vulnerability discovered by ? in WordPress Npm neotoma versions = 0.13.0, 0.14.0...
NPM: i18next-fs-backend vulnerable to prototype pollution via crafted missing-key string
NPM: i18next-fs-backend vulnerable to prototype pollution via crafted missing-key string vulnerability discovered by ? in WordPress Npm i18next-fs-backend versions 2.6.6...
NPM: i18next-http-middleware: MissingKeyHandler does not reject keys whose segments contain prototype-polluting names
NPM: i18next-http-middleware: MissingKeyHandler does not reject keys whose segments contain prototype-polluting names vulnerability discovered by ? in WordPress Npm i18next-http-middleware versions 3.9.7...
WordPress OMGF Pro plugin <= 5.2.6 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by NETZLICHT in WordPress Plugin OMGF Pro versions = 5.2.6...
WordPress FOX plugin <= 1.4.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin FOX versions = 1.4.8...
WordPress Everest Forms plugin <= 3.4.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by bekitousei in WordPress Plugin Everest Forms versions = 3.4.8...
WordPress SureCart plugin <= 4.2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Psalms Christopher Matovu ByteOverride in WordPress Plugin SureCart versions = 4.2.2...
WordPress WoodMart theme <= 8.5.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Theme WoodMart versions = 8.5.3...
WordPress Advance Product Search plugin <= 1.4.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Mokksh Parekh in WordPress Plugin Advance Product Search versions = 1.4.4...
WordPress Toolset Forms plugin <= 2.6.24 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by VanTastic in WordPress Plugin Toolset Forms versions = 2.6.24...
WordPress JetEngine plugin <= 3.8.10.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Rafie Muhammad in WordPress Plugin JetEngine versions = 3.8.10.2...
WordPress JetSmartFilters plugin <= 3.8.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin JetSmartFilters versions = 3.8.3...
WordPress ShortPixel Adaptive Images plugin <= 3.11.4 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin ShortPixel Adaptive Images versions = 3.11.4...
WordPress Tourfic plugin <= 2.22.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by anhcd05 in WordPress Plugin Tourfic versions = 2.22.5...
WordPress MailChimp Block plugin <= 1.1.15 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Roll in WordPress Plugin MailChimp Block versions = 1.1.15...
WordPress Quotes llama plugin <= 3.1.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by ParkHyunWoo in WordPress Plugin Quotes llama versions = 3.1.5...
WordPress Subscriptions for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Subscriptions for WooCommerce versions = 1.9.5...
WordPress Groundhogg — CRM, Newsletters, and Marketing Automation plugin <= 4.5.4 - Authenticated (Custom+) SQL Injection vulnerability
Authenticated Custom+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Groundhogg versions = 4.5.4...
WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 7.1.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin Print Invoice & Delivery Notes for WooCommerce versions = 7.1.1...
WordPress Travel Booking theme <= 2.2.5 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Jamaal ahmed in WordPress Theme Travel Booking versions = 2.2.5...
WordPress Quform plugin <= 2.23.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by daroo in WordPress Plugin Quform versions = 2.23.0...
WordPress Uncanny Automator Pro plugin <= 7.3.0.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin Uncanny Automator Pro versions = 7.3.0.6...
WordPress RealHomes theme <= 4.5.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by daroo in WordPress Theme RealHomes versions = 4.5.3...
WordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin JS Help Desk versions = 3.1.1...
WordPress WPCafe plugin <= 3.0.14 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by L4m in WordPress Plugin WPCafe versions = 3.0.14...
WordPress EventPrime plugin <= 4.3.4.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin EventPrime versions = 4.3.4.1...
WordPress TablePress plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin TablePress versions = 3.3.1...
WordPress PPOM for WooCommerce plugin <= 33.0.18 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by HaiND in WordPress Plugin PPOM for WooCommerce versions = 33.0.18...
WordPress Post Snippets plugin <= 4.0.19 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by daroo in WordPress Plugin Post Snippets versions = 4.0.19...
WordPress perfmatters plugin <= 2.6.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by dutafi in WordPress Plugin perfmatters versions = 2.6.3...
WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Jakub Herman in WordPress Plugin Payment Gateway Based Fees and Discounts for WooCommerce versions = 3.0.0...
WordPress Blog2Social plugin <= 8.9.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Blog2Social versions = 8.9.2...
WordPress Automatic plugin < 3.135.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Automatic versions 3.135.1...
WordPress Themeco Cornerstone plugin < 7.8.8 - Subscriber+ Arbitrary User Password Hash Disclosure vulnerability
Subscriber+ Arbitrary User Password Hash Disclosure vulnerability discovered by RealKingEngine ISAL FRAMEWORK in WordPress Plugin Cornerstone versions 7.8.8...
WordPress Post Duplicator plugin < 3.0.15 - Contributor+ PHP Object Injection via customMetaData vulnerability
Contributor+ PHP Object Injection via customMetaData vulnerability discovered by Md. Minaruzzaman Shovon in WordPress Plugin Post Duplicator versions 3.0.15...
WordPress Frontend File Manager Plugin plugin <= 23.6 - Subscriber+ Stored Cross-Site Scripting via File Rename vulnerability
Subscriber+ Stored Cross-Site Scripting via File Rename vulnerability discovered by Mohamad Nour Almujarkesh in WordPress Plugin Frontend File Manager versions = 23.6...
WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Steven Julian in WordPress Plugin Elementor Website Builder versions = 4.1.3...
WordPress Neve PRO theme <= 3.1.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Neve PRO versions = 3.1.2...
WordPress SeedProd Pro plugin < 6.19.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin SeedProd Pro versions 6.19.5...
WordPress Featured Image plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Featured Image versions = 2.1...
WordPress Slick Popup plugin <= 1.7.15 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Slick Popup versions = 1.7.15...
WordPress Simple Basic Contact Form plugin <= 20250114 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Juthawong Naisanguansee in WordPress Plugin Simple Basic Contact Form versions = 20250114...
WordPress Infility Global plugin < 2.15.19 - Subscriber+ SQL Injection via order Parameter vulnerability
Subscriber+ SQL Injection via order Parameter vulnerability discovered by TRAN THE LONG in WordPress Plugin Infility Global versions 2.15.19...
WordPress Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin <= 2.22.7 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by PRISM in WordPress Plugin Tourfic versions = 2.22.7...
WordPress SEOPress PRO plugin <= 9.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by MD Shariful Islam in WordPress Plugin SEOPress PRO versions = 9.1.1...
WordPress Request a Quote plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Request a Quote versions = 2.5.2...
WordPress Slim SEO plugin <= 4.6.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Slim SEO versions = 4.6.2...
WordPress Gravity Bookings plugin <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection vulnerability
Authenticated Subscriber+ Time-Based SQL Injection vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Gravity Forms Bookings premium versions = 2.7.1...
WordPress Dokan Pro plugin <= 5.0.4 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by lb in WordPress Plugin Dokan Pro versions = 5.0.4...
WordPress Dokan Pro plugin <= 5.0.4 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by lb in WordPress Plugin Dokan Pro versions = 5.0.4...