46684 matches found
WordPress PowerPack Pro for Elementor plugin < v2.13.0 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin PowerPack Pro for Elementor versions < v2.13.0...
WordPress WP Meteor Website Speed Optimization Addon plugin <= 3.4.16 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Meteor Page Speed Optimization Topping versions <= 3.4.16...
WordPress Eventin plugin <= 4.1.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Lorenzo Fradeani in WordPress Plugin WP Event Solution versions <= 4.1.8...
WordPress WPPizza plugin <= 3.19.9 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Muhan Luo in WordPress Plugin WPPizza versions <= 3.19.9...
WordPress Complianz – GDPR/CCPA Cookie Consent plugin <= 7.4.5 - Missing Authorization to Unauthenticated Private Post Content Disclosure vulnerability
Missing Authorization to Unauthenticated Private Post Content Disclosure vulnerability discovered by Wesley van de Kamp - Conda Security in WordPress Plugin Complianz versions <= 7.4.5...
WordPress Amelia plugin <= 2.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Niv Kochan in WordPress Plugin Amelia versions <= 2.2...
NPM: Apache Thrift Node.js bindings vulnerable to Uncontrolled Recursion
NPM: Apache Thrift Node.js bindings vulnerable to Uncontrolled Recursion vulnerability discovered by ? in WordPress Npm thrift versions 0.23.0...
WordPress Check & Log Email plugin < 2.0.13 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Check & Log Email versions < 2.0.13...
WordPress Woostify theme <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Theme Woostify versions <= 2.5.0...
WordPress Timeline Blocks for Gutenberg plugin <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Timeline Blocks for Gutenberg versions <= 1.1.10...
WordPress Social Post Embed plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by hxuu in WordPress Plugin Social Post Embed versions <= 2.0.1...
WordPress WP User Frontend plugin <= 4.3.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Sajjad Haqi in WordPress Plugin WP User Frontend versions <= 4.3.1...
WordPress Order Delivery Date for WooCommerce plugin <= 4.5.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Order Delivery Date for WooCommerce versions <= 4.5.1...
WordPress Profile Builder Pro plugin <= 3.15.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Profile Builder Pro versions <= 3.15.0...
WordPress Simply Schedule Appointments plugin < 1.6.11.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin Simply Schedule Appointments versions < 1.6.11.2...
WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Funnel Builder by FunnelKit versions <= 3.15.0.1...
WordPress AI Lab theme < 5.4.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme AI Lab versions < 5.4.2...
WordPress LatePoint plugin <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability vulnerability
Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability vulnerability discovered by skyv3il - AI SAFE in WordPress Plugin LatePoint versions <= 5.4.1...
WordPress TheGem theme Elements (for Elementor) plugin < 5.12.1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin TheGem Theme Elements for Elementor versions < 5.12.1.1...
WordPress Highland Software Custom Role Manager plugin <= 1.0.0 - Authenticated (Subscriber+) Privilege Escalation vulnerability
Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by Herc Bandiola in WordPress Plugin Highland Software Custom Role Manager versions <= 1.0.0...
WordPress SureForms Pro plugin <= 2.8.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin SureForms Pro versions <= 2.8.0...
WordPress Templately plugin <= 3.6.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Templately versions <= 3.6.1...
NPM: OpenClaw: Agent gateway config mutations could change protected operator settings
NPM: OpenClaw: Agent gateway config mutations could change protected operator settings vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...
NPM: OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy
NPM: OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...
NPM: OpenClaw: Workspace dotenv MiniMax host override could redirect credentialed requests
NPM: OpenClaw: Workspace dotenv MiniMax host override could redirect credentialed requests vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.5, 2026.4.20...
NPM: OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks
NPM: OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...
NPM: OpenClaw: Paired-device pairing actions were not limited to the caller device
NPM: OpenClaw: Paired-device pairing actions were not limited to the caller device vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...
NPM: OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config
NPM: OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...
NPM: OpenClaw: Isolated cron awareness events were recorded as trusted system events
NPM: OpenClaw: Isolated cron awareness events were recorded as trusted system events vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...
NPM: OpenClaw: Feishu card actions could misclassify DMs and skip dmPolicy
NPM: OpenClaw: Feishu card actions could misclassify DMs and skip dmPolicy vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...
NPM: OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization
NPM: OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...
NPM: OpenClaw: Hook mapping templates could bypass hook session-key opt-in
NPM: OpenClaw: Hook mapping templates could bypass hook session-key opt-in vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...
NPM: simple-git is vulnerable to Remote Code Execution
NPM: simple-git is vulnerable to Remote Code Execution vulnerability discovered by ? in WordPress Npm simple-git versions 3.36.0...
WordPress myCred plugin <= 3.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin myCred versions <= 3.0.3...
WordPress Groundhogg plugin < 4.4.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Groundhogg versions < 4.4.1...
NPM: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output
NPM: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output vulnerability discovered by ? in WordPress Npm postcss versions 8.5.10...
WordPress HT Mega plugin < 3.0.7 - Unauthenticated PII Disclosure vulnerability
Unauthenticated PII Disclosure vulnerability discovered by Chiao-Lin Yu Steven Meow in WordPress Plugin HT Mega versions < 3.0.7...
WordPress Drag and Drop File Upload for Contact Form 7 plugin <= 1.1.3 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Thomas Sanzey in WordPress Plugin Drag and Drop File Upload for Contact Form 7 versions <= 1.1.3...
WordPress WP reCaptcha by WebDesignBy plugin < 2.0 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Mustafa Ahmed in WordPress Plugin reCaptcha by WebDesignBy versions < 2.0...
WordPress KiviCare plugin <= 4.2.1 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Jakub Herman in WordPress Plugin KiviCare versions <= 4.2.1...
WordPress ITERAS plugin <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin ITERAS versions <= 1.8.2...
WordPress HubSpot All-In-One Marketing – Forms, Popups, Live Chat plugin <= 11.3.32 - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure vulnerability
Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin HubSpot versions <= 11.3.32...
WordPress Liaison Site Prober plugin <= 1.2.1 - Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint vulnerability
Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Liaison Site Prober versions <= 1.2.1...
WordPress Taqnix plugin <= 1.0.3 - Cross-Site Request Forgery to Account Deletion vulnerability
Cross-Site Request Forgery to Account Deletion vulnerability discovered by theviper17y in WordPress Plugin Taqnix versions <= 1.0.3...
WordPress WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes plugin <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update vulnerability
Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Books Gallery versions <= 4.8.0...
WordPress Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin <= 1.7.1056 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Royal Elementor Addons versions <= 1.7.1056...
WordPress Booking Calendar Contact Form plugin <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover vulnerability
Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Booking Calendar Contact Form versions <= 1.2.63...
WordPress ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval vulnerability
Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin ExactMetrics versions <= 9.1.2...
WordPress BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage vulnerability
Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage vulnerability discovered by h0xilo in WordPress Plugin BetterDocs versions <= 4.3.11...
WordPress MaxiBlocks Builder plugin <= 2.1.8 - Missing Authorization to Authenticated (Author+) Media File Deletion vulnerability
Missing Authorization to Authenticated (Author+) Media File Deletion vulnerability discovered by Teerachai Somprasong in WordPress Plugin MaxiBlocks versions <= 2.1.8...