WordPress WP Posts Re-order plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WP Posts Re-order versions <= 1.0...
WordPress Invelity Products Feeds plugin <= 1.2.6 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Invelity Product Feeds versions <= 1.2.6...
WordPress itsukaita plugin <= 0.1.2 - Reflected Cross-Site Scripting via 'day_from' Parameter vulnerability
Reflected Cross-Site Scripting via 'day_from' Parameter vulnerability discovered by san6051 - PWC in WordPress Plugin itsukaita versions <= 0.1.2...
WordPress Content Syndication Toolkit plugin <= 1.3 - Unauthenticated Server-Side Request Forgery via 'url' Parameter vulnerability
Unauthenticated Server-Side Request Forgery via 'url' Parameter vulnerability discovered by theviper17y in WordPress Plugin Content Syndication Toolkit versions <= 1.3...
WordPress Performance Monitor plugin <= 1.0.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter vulnerability
Unauthenticated Server-Side Request Forgery via 'url' Parameter vulnerability discovered by Afshin Shekaari in WordPress Plugin Performance Monitor versions <= 1.0.6...
WordPress Mandatory Field plugin <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Fields vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Fields vulnerability discovered by 0x34rth in WordPress Plugin Mandatory Field versions <= 1.6.8...
WordPress Multi Post Carousel by Category plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'slides' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'slides' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Multi Post Carousel by Category versions <= 1.4...
WordPress Survey plugin <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by 0x34rth in WordPress Plugin Survey versions <= 1.1...
WordPress Add Google Social Profiles to Knowledge Graph Box plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Add Google Social Profiles to Knowledge Graph Box versions <= 1.0...
WordPress PQ Addons - Creative Elementor Widgets plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Attributes vulnerability
WordPress PQ Addons - Creative Elementor Widgets plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Attributes vulnerability discovered by WordFence in WordPress Plugin PQ Addons – Creative Elementor Widgets versions <= 1.0.0...
WordPress Redirect countdown plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Redirect countdown versions <= 1.0...
WordPress SR WP Minify HTML plugin <= 2.1 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin SR WP Minify HTML versions <= 2.1...
WordPress Schema Shortcode plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Schema Shortcode versions <= 1.0...
WordPress iVysilani Shortcode plugin <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin iVysilani Shortcode versions <= 3.0...
WordPress Post Flagger plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'slug' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'slug' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Post Flagger versions <= 1.1...
WordPress WP NG Weather plugin <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP NG Weather versions <= 1.0.9...
WordPress Tour & Activity Operator Plugin for TourCMS plugin <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Tour & Activity Operator Plugin for TourCMS versions <= 1.7.0...
WordPress Company Posts for LinkedIn plugin <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary LinkedIn Post Data Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary LinkedIn Post Data Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Company Posts for LinkedIn versions <= 1.0.0...
WordPress Easy Image Gallery plugin <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery SHORTCODE Post Meta vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery SHORTCODE Post Meta vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Easy Image Gallery versions <= 1.5.3...
WordPress Weaver Show Posts plugin <= 1.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting vulnerability discovered by Muqsith Barru - TCC in WordPress Plugin Weaver Show Posts versions <= 1.8.1...
WordPress Quentn WP plugin <= 1.2.12 - Unauthenticated SQL Injection via 'qntn_wp_access' Cookie vulnerability
Unauthenticated SQL Injection via 'qntn_wp_access' Cookie vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Quentn WP versions <= 1.2.12...
WordPress Task Manager plugin <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Read vulnerability
Authenticated (Subscriber+) Arbitrary File Read vulnerability discovered by theviper17y in WordPress Plugin Task Manager versions <= 3.0.2...
WordPress App Builder - Create Native Android & iOS Apps On The Flight plugin <= 5.5.10 - Unauthenticated Limited Privilege Escalation via 'role' Parameter vulnerability
WordPress App Builder - Create Native Android & iOS Apps On The Flight plugin <= 5.5.10 - Unauthenticated Limited Privilege Escalation via 'role' Parameter vulnerability discovered by Gibran Abdillah in WordPress Plugin App Builder versions <= 5.5.10...
WordPress MimeTypes Link Icons plugin <= 3.2.20 - Authenticated (Contributor+) Server-Side Request Forgery via Crafted Links in Post Content vulnerability
Authenticated (Contributor+) Server-Side Request Forgery via Crafted Links in Post Content vulnerability discovered by Kai Aizen in WordPress Plugin MimeTypes Link Icons versions <= 3.2.20...
WordPress myLinksDump plugin <= 1.6 - Authenticated (Administrator+) SQL Injection via 'sort_by' and 'sort_order' Parameters vulnerability
Authenticated (Administrator+) SQL Injection via 'sort_by' and 'sort_order' Parameters vulnerability discovered by san6051 - PWC in WordPress Plugin myLinksDump versions <= 1.6...
WordPress Hr Press Lite plugin <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure vulnerability
Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure vulnerability discovered by WordFence in WordPress Plugin Hr Press Lite versions <= 1.0.2...
WordPress Review Map by RevuKangaroo plugin <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Review Map by RevuKangaroo versions <= 1.7...
WordPress Fonts Manager | Custom Fonts plugin <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter vulnerability
Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Fonts Manager | Custom Fonts versions <= 1.2...
WordPress Reward Video Ad for WordPress plugin <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Reward Video Ad for WordPress versions <= 1.6...
WordPress Ed's Font Awesome plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zakaria in WordPress Plugin Ed's Font Awesome versions <= 2.0...
WordPress Ed's Social Share plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zakaria in WordPress Plugin Ed's Social Share versions <= 2.0...
WordPress Ricerca - advanced search plugin <= 1.1.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings vulnerability
WordPress Ricerca - advanced search plugin <= 1.1.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Ricerca – advanced search versions <= 1.1.12...
WordPress Helpdesk Support Ticket System for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Helpdesk Support Ticket System for WooCommerce versions <= 2.1.2...
WordPress ElementCamp plugin <= 2.3.6 - Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter vulnerability
Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin ElementCamp versions <= 2.3.6...
WordPress Team plugin <= 5.0.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Team versions <= 5.0.11...
WordPress CMS Commander plugin <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter vulnerability
Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter vulnerability discovered by WordFence in WordPress Plugin CMS Commander versions <= 2.288...
WordPress MinhNhut Link Gateway plugin <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by san6051 - PWC in WordPress Plugin MinhNhut Link Gateway versions <= 3.6.1...
WordPress Comment SPAM Wiper plugin <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Comment SPAM Wiper versions <= 1.2.1...
WordPress SimpLy Gallery plugin <= 3.3.2 - Arbitrary Code Execution vulnerability
Arbitrary Code Execution vulnerability discovered by mcdruid in WordPress Plugin SimpLy Gallery versions <= 3.3.2...
WordPress Wikilookup plugin <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Popup Width' Setting vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'Popup Width' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Wikilookup versions <= 1.1.5...
WordPress Woody ad snippets plugin <= 2.7.1 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Woody ad snippets versions <= 2.7.1...
WordPress Canto plugin <= 3.1.1 - Missing Authorization to Unauthenticated File Upload vulnerability
Missing Authorization to Unauthenticated File Upload vulnerability discovered by oddshacker in WordPress Plugin Canto versions <= 3.1.1...
WordPress Multi Functional Flexi Lightbox plugin <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter vulnerability discovered by san6051 - PWC in WordPress Plugin Multi Functional Flexi Lightbox versions <= 1.2...
WordPress Xhanch - My Advanced Settings plugin <= 1.1.2 - Cross-Site Request Forgery to Settings Update vulnerability
WordPress Xhanch - My Advanced Settings plugin <= 1.1.2 - Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Xhanch – My Advanced Settings versions <= 1.1.2...
WordPress Lobot Slider Administrator plugin <= 0.6.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Lobot Slider Administrator versions <= 0.6.0...
WordPress FuseDesk plugin <= 6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'emailtext' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'emailtext' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin FuseDesk versions <= 6.8...
WordPress Any Post Slider plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_type' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_type' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Any Post Slider versions <= 1.0.4...
WordPress Appmax plugin <= 1.0.3 - Missing Authorization to Order Status Manipulation and Arbitrary Order Creation via Webhook Endpoint vulnerability
Missing Authorization to Order Status Manipulation and Arbitrary Order Creation via Webhook Endpoint vulnerability discovered by WordFence in WordPress Plugin Appmax versions <= 1.0.3...
WordPress Go Night Pro | WordPress Dark Mode Plugin plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'margin' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'margin' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Go Night Pro versions <= 1.1.0...
WordPress Build App Online plugin <= 1.0.23 - Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX Action vulnerability
Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX Action vulnerability discovered by WordFence in WordPress Plugin Build App Online versions <= 1.0.23...