WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Jakub Herman in WordPress Plugin Payment Gateway Based Fees and Discounts for WooCommerce versions <= 3.0.0...
WordPress Blog2Social plugin <= 8.9.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Blog2Social versions <= 8.9.2...
WordPress Automatic plugin < 3.135.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Automatic versions < 3.135.1...
WordPress Themeco Cornerstone plugin < 7.8.8 - Subscriber+ Arbitrary User Password Hash Disclosure vulnerability
Subscriber+ Arbitrary User Password Hash Disclosure vulnerability discovered by RealKingEngine ISAL FRAMEWORK in WordPress Plugin Cornerstone versions < 7.8.8...
WordPress Post Duplicator plugin < 3.0.15 - Contributor+ PHP Object Injection via customMetaData vulnerability
Contributor+ PHP Object Injection via customMetaData vulnerability discovered by Md. Minaruzzaman Shovon in WordPress Plugin Post Duplicator versions < 3.0.15...
WordPress Frontend File Manager Plugin plugin <= 23.6 - Subscriber+ Stored Cross-Site Scripting via File Rename vulnerability
Subscriber+ Stored Cross-Site Scripting via File Rename vulnerability discovered by Mohamad Nour Almujarkesh in WordPress Plugin Frontend File Manager versions <= 23.6...
WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Steven Julian in WordPress Plugin Elementor Website Builder versions <= 4.1.3...
WordPress Neve PRO theme <= 3.1.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Neve PRO versions <= 3.1.2...
WordPress SeedProd Pro plugin < 6.19.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin SeedProd Pro versions < 6.19.5...
WordPress Featured Image plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Featured Image versions <= 2.1...
WordPress Slick Popup plugin <= 1.7.15 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Slick Popup versions <= 1.7.15...
WordPress Simple Basic Contact Form plugin <= 20250114 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Juthawong Naisanguansee in WordPress Plugin Simple Basic Contact Form versions <= 20250114...
WordPress Infility Global plugin < 2.15.19 - Subscriber+ SQL Injection via order Parameter vulnerability
Subscriber+ SQL Injection via order Parameter vulnerability discovered by TRAN THE LONG in WordPress Plugin Infility Global versions < 2.15.19...
WordPress Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin <= 2.22.7 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by PRISM in WordPress Plugin Tourfic versions <= 2.22.7...
WordPress SEOPress PRO plugin <= 9.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by MD Shariful Islam in WordPress Plugin SEOPress PRO versions <= 9.1.1...
WordPress Request a Quote plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Request a Quote versions <= 2.5.2...
WordPress Slim SEO plugin <= 4.6.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Slim SEO versions <= 4.6.2...
WordPress Gravity Bookings plugin <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection vulnerability
Authenticated (Subscriber+) Time-Based SQL Injection vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Gravity Forms Bookings premium versions <= 2.7.1...
WordPress Dokan Pro plugin <= 5.0.4 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by lb in WordPress Plugin Dokan Pro versions <= 5.0.4...
WordPress Dokan Pro plugin <= 5.0.4 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated (Subscriber+) SQL Injection vulnerability discovered by lb in WordPress Plugin Dokan Pro versions <= 5.0.4...
WordPress SiteGround Email Marketing plugin <= 1.7.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin SiteGround Email Marketing versions <= 1.7.5...
WordPress Frontend File Manager Plugin plugin <= 23.6 - Unauthenticated Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download vulnerability discovered by Alexander Jurkschat in WordPress Plugin Frontend File Manager versions <= 23.6...
WordPress Cornerstone plugin < 7.8.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by RealKingEngine ISAL FRAMEWORK in WordPress Plugin Cornerstone versions < 7.8.9...
WordPress Site Kit by Google plugin < 1.176.0 - Editor+ Email Reporting Settings Update vulnerability
Editor+ Email Reporting Settings Update vulnerability discovered by Shashank in WordPress Plugin Site Kit by Google versions < 1.176.0...
WordPress AI Share & Summarize plugin < 2.0.4 - Contributor+ Stored XSS via title_style Shortcode Attribute vulnerability
Contributor+ Stored XSS via title_style Shortcode Attribute vulnerability discovered by Haitam Lazaar in WordPress Plugin AI Share & Summarize versions < 2.0.4...
WordPress Infility Global plugin < 2.15.20 - Editor+ SQL Injection via orderby Parameter vulnerability
Editor+ SQL Injection via orderby Parameter vulnerability discovered by Mustafa Ahmed in WordPress Plugin Infility Global versions < 2.15.20...
WordPress ListingPro theme <= 2.9.11 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by daroo in WordPress Theme ListingPro versions <= 2.9.11...
WordPress Customer Reviews for WooCommerce plugin <= 5.110.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by daroo in WordPress Plugin Customer Reviews for WooCommerce versions <= 5.110.1...
WordPress Advanced Order Export For WooCommerce plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by ParkHyunWoo in WordPress Plugin Advanced Order Export For WooCommerce versions <= 4.0.9...
WordPress Responsive Lightbox plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Responsive Lightbox versions <= 2.7.6...
WordPress Gutenverse Form plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by hivesec in WordPress Plugin Gutenverse Form versions <= 2.4.7...
WordPress Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin <= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Viet Anh Ngo in WordPress Plugin Essential Blocks for Gutenberg versions <= 6.1.4...
WordPress Quick Interest Slider plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by hivesec in WordPress Plugin Quick Interest Slider versions <= 3.1.6...
WordPress Napoli plugin <= 2.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Napoli versions <= 2.2.4...
WordPress Frisbii Pay plugin <= 1.8.2 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Denver Jackson in WordPress Plugin Frisbii Pay versions <= 1.8.2...
WordPress Forminator plugin <= 1.53.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by daroo in WordPress Plugin Forminator versions <= 1.53.1...
WordPress WP Meta SEO plugin <= 4.5.18 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by zedeq - dmz-zedeq in WordPress Plugin WP Meta SEO versions <= 4.5.18...
WordPress URL Preview plugin <= 1.0 - Unauthenticated Server-Side Request Forgery vulnerability
Unauthenticated Server-Side Request Forgery vulnerability discovered by Eason - The University of Sydney in WordPress Plugin URL Preview versions <= 1.0...
WordPress Kargo Takip plugin <= 1.2 - Unauthenticated Server-Side Request Forgery vulnerability
Unauthenticated Server-Side Request Forgery vulnerability discovered by Eason - The University of Sydney in WordPress Plugin Kargo Takip versions <= 1.2...
WordPress EntreDroppers plugin <= 1.1.2 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin EntreDroppers versions <= 1.1.2...
WordPress Image Sizes on Demand plugin <= 1.3 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Image Sizes on Demand versions <= 1.3...
WordPress Cincopa video and media plug-in plugin <= 1.163 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin Post Video Players versions <= 1.163...
WordPress Email JavaScript Cloak plugin <= 1.03 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin Email JavaScript Cloak versions <= 1.03...
WordPress ARforms plugin <= 7.1.3 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by h0xilo in WordPress Plugin ARForms versions <= 7.1.3...
WordPress AdRotate Banner Manager plugin <= 5.17.7 - Authenticated (Contributor+) PHP Code Injection vulnerability
Authenticated (Contributor+) PHP Code Injection vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin AdRotate Banner Manager versions <= 5.17.7...
WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin ProfileGrid versions <= 5.9.9.2...
WordPress Welcome Software Publishing plugin <= 0.0.31 - Authenticated (Subscriber+) Arbitrary Options Update to Privilege Escalation vulnerability
Authenticated (Subscriber+) Arbitrary Options Update to Privilege Escalation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Welcome Software Publishing versions <= 0.0.31...
WordPress WP Forms Connector plugin <= 1.8 - Missing Authorization to Unauthenticated Information Exposure vulnerability
Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions <= 1.8...
WordPress WP Forms Connector plugin <= 1.8 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions <= 1.8...
WordPress Invoice Generator plugin <= 1.0.0 - Unauthenticated Account Takeover vulnerability
Unauthenticated Account Takeover vulnerability discovered by Alyudin Nafiie in WordPress Plugin Invoice Generator versions <= 1.0.0...