45960 matches found
WordPress avalex plugin <= 3.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin avalex versions = 3.1.3...
WordPress EventPrime plugin <= 4.2.8.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin EventPrime versions = 4.2.8.0...
WordPress Booster for WooCommerce plugin < 7.11.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Booster for WooCommerce versions 7.11.3...
WordPress Listeo Core plugin <= 2.0.21 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Listeo Core versions = 2.0.21...
WordPress UpSolution Core plugin <= 8.41 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin UpSolution Core versions = 8.41...
WordPress CP Multi View Event Calendar plugin <= 1.4.35 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by PPzzAArr in WordPress Plugin CP Multi View Event Calendar versions = 1.4.35...
WordPress WowStore - Store Builder & Product Blocks for WooCommerce plugin <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter vulnerability
WordPress WowStore - Store Builder & Product Blocks for WooCommerce plugin = 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter vulnerability discovered by WordFence in WordPress Plugin WowStore versions = 4.4.3...
WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id vulnerability
WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin = 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nfsetentryupdateid vulnerability discovered by Youssef Elouaer in WordPress Plugin NEX-Forms versions = 9.1.9...
WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability
WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin = 9.1.9 - Missing Authorization to Authenticated Subscriber+ License Deactivation via deactivatelicense vulnerability discovered by Legion Hunter in WordPress Plugin NEX-Forms versions = 9.1.9...
WordPress User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter vulnerability
Missing Authorization to Unauthenticated Arbitrary Post Modification via 'postid' Parameter vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin WP User Frontend versions = 4.2.8...
WordPress Wicked Folders plugin <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Arbitrary Folder Deletion vulnerability discovered by Youssef Elouaer in WordPress Plugin Wicked Folders versions = 4.1.0...
WordPress Thim Kit for Elementor plugin <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure vulnerability
Missing Authorization to Unauthenticated Private Course Disclosure vulnerability discovered by Youssef Elouaer in WordPress Plugin Thim Elementor Kit versions = 1.3.7...
WordPress Master Addons for Elementor plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by blank in WordPress Plugin Master Addons for Elementor versions = 2.1.3...
WordPress WP EasyPay plugin <= 4.2.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP EasyPay versions = 4.2.11...
WordPress Modern Events Calendar plugin <= 7.29.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Aman Rawat in WordPress Plugin Modern Events Calendar versions = 7.29.0...
WordPress Flexmls® IDX plugin <= 3.15.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Riski Gana Prasetya in WordPress Plugin Flexmls® IDX versions = 3.15.9...
WordPress Jannah theme <= 7.6.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Jannah versions = 7.6.3...
WordPress LearnPress – Sepay Payment plugin <= 4.0.0 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Arif Shaikh in WordPress Plugin LearnPress Sepay Payment versions = 4.0.0...
WordPress ViaBill – WooCommerce plugin <= 1.1.53 - Settings Change vulnerability
Settings Change vulnerability discovered by Legion Hunter in WordPress Plugin ViaBill WooCommerce versions = 1.1.53...
WordPress ACPT (Pro) - Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote Code Execution (RCE) vulnerability
WordPress ACPT Pro - Custom Post Types plugin for WordPress plugin = 2.0.47 - Remote Code Execution RCE vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin ACPT Pro - Custom Post Types Plugin for WordPress versions = 2.0.47...
WordPress Admin Safety Guard plugin <= 1.2.7 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Robert Akhmerov v31dt in WordPress Plugin Admin Safety Guard versions = 1.2.7...
WordPress WZone plugin <= 14.0.31 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WZone versions = 14.0.31...
WordPress WZone plugin <= 14.0.31 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WZone versions = 14.0.31...
WordPress Post Snippets plugin <= 4.0.12 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by Doan Dinh Van in WordPress Plugin Post Snippets versions = 4.0.12...
WordPress Unlimited Elements for Elementor (Premium) plugin <= 1.4.72 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Unlimited Elements for Elementor Premium versions = 1.4.72...
WordPress Photography theme < 7.7.6 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Phat RiO in WordPress Theme Photography versions 7.7.6...
WordPress Total Poll Lite plugin <= 4.12.0 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by hhhai in WordPress Plugin Total Poll Lite versions = 4.12.0...
WordPress WooCommerce Infinite Scroll plugin <= 1.6.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WooCommerce Infinite Scroll versions = 1.6.2...
WordPress StoreCustomizer plugin <= 2.6.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by PPzzAArr in WordPress Plugin StoreCustomizer versions = 2.6.3...
WordPress Dokan plugin <= 4.2.4 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by daroo in WordPress Plugin Dokan versions = 4.2.4...
WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by daroo in WordPress Plugin Tutor LMS versions = 3.9.4...
WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin tagDiv Opt-In Builder versions = 1.7.3...
WordPress Visionary Core plugin <= 1.4.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Visionary Core versions = 1.4.9...
WordPress Jobica Core plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Jobica Core versions = 1.4.1...
WordPress The Aisle Core plugin <= 2.0.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin The Aisle Core versions = 2.0.5...
WordPress Visionary Core plugin <= 1.4.9 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Visionary Core versions = 1.4.9...
WordPress Jobica Core plugin <= 1.4.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Jobica Core versions = 1.4.1...
WordPress Jobica Core plugin <= 1.4.2 - Account Takeover vulnerability
Account Takeover vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Jobica Core versions = 1.4.2...
WordPress Curly Core plugin <= 2.1.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Curly Core versions = 2.1.6...
WordPress Organici Library plugin <= 2.1.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Organici Library versions = 2.1.2...
WordPress Organici Library plugin <= 2.1.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Organici Library versions = 2.1.2...
WordPress Organici Library plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Organici Library versions = 2.1.2...
WordPress CitiLights theme <= 3.7.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme CitiLights versions = 3.7.1...
WordPress CitiLights theme <= 3.7.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme CitiLights versions = 3.7.1...
WordPress Elated Listing plugin <= 1.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Elated Listing versions = 1.4...
WordPress Really Simple SSL plugin <= 9.5.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Or Benit in WordPress Plugin Really Simple SSL versions = 9.5.7...
WordPress Ultimate Addons for Contact Form 7 plugin <= 3.5.36 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Marc-André Beaulieu h3dg3h0g in WordPress Plugin Ultimate Addons for Contact Form 7 versions = 3.5.36...
WordPress UpsellWP plugin <= 2.2.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin UpsellWP versions = 2.2.4...
WordPress Search & Go theme <= 2.8 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Search & Go versions = 2.8...
WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerability
Bypass Vulnerability vulnerability discovered by PPzzAArr in WordPress Plugin Subscriptions for WooCommerce versions = 1.8.10...