46571 matches found
WordPress SiteGround Email Marketing plugin <= 1.7.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin SiteGround Email Marketing versions = 1.7.5...
WordPress Frontend File Manager Plugin plugin <= 23.6 - Unauthenticated Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download vulnerability discovered by Alexander Jurkschat in WordPress Plugin Frontend File Manager versions = 23.6...
WordPress Cornerstone plugin < 7.8.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by RealKingEngine ISAL FRAMEWORK in WordPress Plugin Cornerstone versions 7.8.9...
WordPress Site Kit by Google plugin < 1.176.0 - Editor+ Email Reporting Settings Update vulnerability
Editor+ Email Reporting Settings Update vulnerability discovered by Shashank in WordPress Plugin Site Kit by Google versions 1.176.0...
WordPress AI Share & Summarize plugin < 2.0.4 - Contributor+ Stored XSS via title_style Shortcode Attribute vulnerability
Contributor+ Stored XSS via titlestyle Shortcode Attribute vulnerability discovered by Haitam Lazaar in WordPress Plugin AI Share & Summarize versions 2.0.4...
WordPress Infility Global plugin < 2.15.20 - Editor+ SQL Injection via orderby Parameter vulnerability
Editor+ SQL Injection via orderby Parameter vulnerability discovered by Mustafa Ahmed in WordPress Plugin Infility Global versions 2.15.20...
WordPress ListingPro theme <= 2.9.11 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Theme ListingPro versions = 2.9.11...
WordPress Customer Reviews for WooCommerce plugin <= 5.110.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Customer Reviews for WooCommerce versions = 5.110.1...
WordPress Advanced Order Export For WooCommerce plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by ParkHyunWoo in WordPress Plugin Advanced Order Export For WooCommerce versions = 4.0.9...
WordPress Responsive Lightbox plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Responsive Lightbox versions = 2.7.6...
WordPress Gutenverse Form plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by hivesec in WordPress Plugin Gutenverse Form versions = 2.4.7...
WordPress Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin <= 6.1.4 - Page Builder for Gutenberg Blocks & Patterns <= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Page Builder for Gutenberg Blocks & Patterns plugin = 6.1.4 - Page Builder for Gutenberg Blocks & Patterns = 6.1.4 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Viet Anh Ngo in WordPress Plugin Essential Blocks for Gutenberg versions = 6.1.4...
WordPress Quick Interest Slider plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by hivesec in WordPress Plugin Quick Interest Slider versions = 3.1.6...
WordPress Napoli plugin <= 2.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Napoli versions = 2.2.4...
WordPress Frisbii Pay plugin <= 1.8.2 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Denver Jackson in WordPress Plugin Frisbii Pay versions = 1.8.2...
WordPress Forminator plugin <= 1.53.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Forminator versions = 1.53.1...
WordPress WP Meta SEO plugin <= 4.5.18 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by zedeq - dmz-zedeq in WordPress Plugin WP Meta SEO versions = 4.5.18...
WordPress URL Preview plugin <= 1.0 - Unauthenticated Server-Side Request Forgery vulnerability
Unauthenticated Server-Side Request Forgery vulnerability discovered by Eason - The University of Sydney in WordPress Plugin URL Preview versions = 1.0...
WordPress Kargo Takip plugin <= 1.2 - Unauthenticated Server-Side Request Forgery vulnerability
Unauthenticated Server-Side Request Forgery vulnerability discovered by Eason - The University of Sydney in WordPress Plugin Kargo Takip versions = 1.2...
WordPress EntreDroppers plugin <= 1.1.2 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin EntreDroppers versions = 1.1.2...
WordPress Image Sizes on Demand plugin <= 1.3 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Image Sizes on Demand versions = 1.3...
WordPress Cincopa video and media plug-in plugin <= 1.163 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin Post Video Players versions = 1.163...
WordPress Email JavaScript Cloak plugin <= 1.03 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin Email JavaScript Cloak versions = 1.03...
WordPress ARforms plugin <= 7.1.3 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by h0xilo in WordPress Plugin ARForms versions = 7.1.3...
WordPress AdRotate Banner Manager plugin <= 5.17.7 - Authenticated (Contributor+) PHP Code Injection vulnerability
Authenticated Contributor+ PHP Code Injection vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin AdRotate Banner Manager versions = 5.17.7...
WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin ProfileGrid versions = 5.9.9.2...
WordPress Welcome Software Publishing plugin <= 0.0.31 - Authenticated (Subscriber+) Arbitrary Options Update to Privilege Escalation vulnerability
Authenticated Subscriber+ Arbitrary Options Update to Privilege Escalation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Welcome Software Publishing versions = 0.0.31...
WordPress WP Forms Connector plugin <= 1.8 - Missing Authorization to Unauthenticated Information Exposure vulnerability
Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions = 1.8...
WordPress WP Forms Connector plugin <= 1.8 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions = 1.8...
WordPress Invoice Generator plugin <= 1.0.0 - Unauthenticated Account Takeover vulnerability
Unauthenticated Account Takeover vulnerability discovered by Alyudin Nafiie in WordPress Plugin Invoice Generator versions = 1.0.0...
WordPress SignUp & SignIn plugin <= 1.0.0 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin SignUp & SignIn versions = 1.0.0...
WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Funnel Builder by FunnelKit versions = 3.15.0.5...
WordPress WP Meta SEO plugin <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability
Authenticated Contributor+ Server-Side Request Forgery vulnerability discovered by Enes Ismail - Enes in WordPress Plugin WP Meta SEO versions = 4.5.18...
WordPress WP Latest Posts plugin <= 5.0.11 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Latest Posts versions = 5.0.11...
WordPress MIR blocks and shortcodes plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin MIR blocks and shortcodes versions = 1.0.0...
WordPress Advanced Contact Form 7 – Compact DB plugin <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion vulnerability discovered by Eason - The University of Sydney in WordPress Plugin Advanced Contact Form 7 – Compact DB versions = 1.0.0...
WordPress Bulk SEO Image plugin <= 1.1 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by nishida azuka in WordPress Plugin Bulk SEO Image versions = 1.1...
WordPress Blue Captcha plugin <= 2.0.1 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Kamil Królikowski - Asseco Poland S.A. in WordPress Plugin Blue Captcha versions = 2.0.1...
WordPress MotorDesk plugin <= 1.1.2 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by swat in WordPress Plugin MotorDesk versions = 1.1.2...
WordPress Book a Room Event Calendar plugin <= 1.9 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by swat in WordPress Plugin Book a Room Event Calendar versions = 1.9...
WordPress Avalon23 Products Filter for WooCommerce plugin <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Avalon23 Products Filter for WooCommerce versions = 1.1.6...
WordPress Generate Security.txt plugin <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Security.txt Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Security.txt Deletion vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Generate Security.txt versions = 1.0.12...
WordPress Reviews and Rating – Docplanner plugin <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Modification vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Reviews and Rating – Docplanner versions = 1.1.4...
WordPress WhatsOrder – Instant Checkout for WooCommerce plugin <= 1.0.1 - Unauthenticated Sensitive Information Exposure vulnerability
Unauthenticated Sensitive Information Exposure vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin WhatsOrder – Instant Checkout for WooCommerce versions = 1.0.1...
WordPress Devs Accounting – Simple Accounting and Invoicing Solution plugin <= 1.2.0 - Missing Authorization to Unauthenticated Account Deletion vulnerability
Missing Authorization to Unauthenticated Account Deletion vulnerability discovered by jamaal in WordPress Plugin Devs Accounting – Simple Accounting and Invoicing Solution versions = 1.2.0...
WordPress Devs Accounting – Simple Accounting and Invoicing Solution plugin <= 1.2.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by jamaal in WordPress Plugin Devs Accounting – Simple Accounting and Invoicing Solution versions = 1.2.0...
WordPress 24liveblog – live blog tool plugin <= 2.2 - Missing Authorization to Authenticated (Author+) Settings Modification vulnerability
Missing Authorization to Authenticated Author+ Settings Modification vulnerability discovered by g0wthr in WordPress Plugin 24liveblog – live blog tool versions = 2.2...
WordPress 24liveblog – live blog tool plugin <= 2.2 - Authenticated (Contributor+) Exposure of Sensitive Information vulnerability
Authenticated Contributor+ Exposure of Sensitive Information vulnerability discovered by g0wthr in WordPress Plugin 24liveblog – live blog tool versions = 2.2...
WordPress Osiris Signature Banner plugin <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin Osiris Signature Banner versions = 0.5...
WordPress RentMy Real-Time Rental Management Plugin plugin <= 4.0.4.1 - Missing Authorization to Unauthenticated Settings Update vulnerability
Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin RentMy Real-Time Rental Management Plugin versions = 4.0.4.1...