46704 matches found
WordPress WowStore - Store Builder & Product Blocks for WooCommerce plugin <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter vulnerability
WordPress WowStore - Store Builder & Product Blocks for WooCommerce plugin <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter vulnerability discovered by WordFence in WordPress Plugin WowStore versions <= 4.4.3...
WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id vulnerability
WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id vulnerability discovered by Youssef Elouaer in WordPress Plugin NEX-Forms versions <= 9.1.9...
WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability
WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability discovered by Legion Hunter in WordPress Plugin NEX-Forms versions <= 9.1.9...
WordPress User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter vulnerability
Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin WP User Frontend versions <= 4.2.8...
WordPress Wicked Folders plugin <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion vulnerability
Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion vulnerability discovered by Youssef Elouaer in WordPress Plugin Wicked Folders versions <= 4.1.0...
WordPress Thim Kit for Elementor plugin <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure vulnerability
Missing Authorization to Unauthenticated Private Course Disclosure vulnerability discovered by Youssef Elouaer in WordPress Plugin Thim Elementor Kit versions <= 1.3.7...
WordPress Master Addons for Elementor plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by blank in WordPress Plugin Master Addons for Elementor versions <= 2.1.3...
WordPress WP EasyPay plugin <= 4.2.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP EasyPay versions <= 4.2.11...
WordPress Modern Events Calendar plugin <= 7.29.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Aman Rawat in WordPress Plugin Modern Events Calendar versions <= 7.29.0...
WordPress Flexmls® IDX plugin <= 3.15.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Riski Gana Prasetya in WordPress Plugin Flexmls® IDX versions <= 3.15.9...
WordPress Jannah theme <= 7.6.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Jannah versions <= 7.6.3...
WordPress LearnPress – Sepay Payment plugin <= 4.0.0 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Arif Shaikh in WordPress Plugin LearnPress Sepay Payment versions <= 4.0.0...
WordPress ViaBill – WooCommerce plugin <= 1.1.53 - Settings Change vulnerability
Settings Change vulnerability discovered by Legion Hunter in WordPress Plugin ViaBill WooCommerce versions <= 1.1.53...
WordPress ACPT (Pro) - Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote Code Execution (RCE) vulnerability
WordPress ACPT (Pro) - Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote Code Execution (RCE) vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin ACPT Pro - Custom Post Types Plugin for WordPress versions <= 2.0.47...
WordPress Admin Safety Guard plugin <= 1.2.7 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Robert Akhmerov v31dt in WordPress Plugin Admin Safety Guard versions <= 1.2.7...
WordPress WZone plugin <= 14.0.31 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WZone versions <= 14.0.31...
WordPress WZone plugin <= 14.0.31 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WZone versions <= 14.0.31...
WordPress Post Snippets plugin <= 4.0.12 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by Doan Dinh Van in WordPress Plugin Post Snippets versions <= 4.0.12...
WordPress Unlimited Elements for Elementor (Premium) plugin <= 1.4.72 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Unlimited Elements for Elementor Premium versions <= 1.4.72...
WordPress Photography theme < 7.7.6 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Phat RiO in WordPress Theme Photography versions < 7.7.6...
WordPress Total Poll Lite plugin <= 4.12.0 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by hhhai in WordPress Plugin Total Poll Lite versions <= 4.12.0...
WordPress WooCommerce Infinite Scroll plugin <= 1.6.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WooCommerce Infinite Scroll versions <= 1.6.2...
WordPress StoreCustomizer plugin <= 2.6.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by PPzzAArr in WordPress Plugin StoreCustomizer versions <= 2.6.3...
WordPress Dokan plugin <= 4.2.4 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by daroo in WordPress Plugin Dokan versions <= 4.2.4...
WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by daroo in WordPress Plugin Tutor LMS versions <= 3.9.4...
WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Bonds in WordPress Plugin tagDiv Opt-In Builder versions <= 1.7.3...
WordPress Visionary Core plugin <= 1.4.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Visionary Core versions <= 1.4.9...
WordPress Jobica Core plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Jobica Core versions <= 1.4.1...
WordPress The Aisle Core plugin <= 2.0.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin The Aisle Core versions <= 2.0.5...
WordPress Visionary Core plugin <= 1.4.9 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Visionary Core versions <= 1.4.9...
WordPress Jobica Core plugin <= 1.4.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Jobica Core versions <= 1.4.1...
WordPress Jobica Core plugin <= 1.4.2 - Account Takeover vulnerability
Account Takeover vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Jobica Core versions <= 1.4.2...
WordPress Curly Core plugin <= 2.1.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Curly Core versions <= 2.1.6...
WordPress Organici Library plugin <= 2.1.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Organici Library versions <= 2.1.2...
WordPress Organici Library plugin <= 2.1.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Organici Library versions <= 2.1.2...
WordPress Organici Library plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Organici Library versions <= 2.1.2...
WordPress CitiLights theme <= 3.7.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme CitiLights versions <= 3.7.1...
WordPress CitiLights theme <= 3.7.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme CitiLights versions <= 3.7.1...
WordPress Elated Listing plugin <= 1.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Elated Listing versions <= 1.4...
WordPress Really Simple SSL plugin <= 9.5.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Or Benit in WordPress Plugin Really Simple SSL versions <= 9.5.7...
WordPress Ultimate Addons for Contact Form 7 plugin <= 3.5.36 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Marc-André Beaulieu h3dg3h0g in WordPress Plugin Ultimate Addons for Contact Form 7 versions <= 3.5.36...
WordPress UpsellWP plugin <= 2.2.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin UpsellWP versions <= 2.2.4...
WordPress Search & Go theme <= 2.8 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Search & Go versions <= 2.8...
WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerability
Bypass Vulnerability vulnerability discovered by PPzzAArr in WordPress Plugin Subscriptions for WooCommerce versions <= 1.8.10...
WordPress Formidable Forms plugin <= 6.28 - Unauthenticated Payment Amount Manipulation via 'item_meta' Parameter vulnerability
Unauthenticated Payment Amount Manipulation via 'item_meta' Parameter vulnerability discovered by Michael Iden Mickhat - Hack The Box in WordPress Plugin Formidable Forms versions <= 6.28...
WordPress Formidable Forms plugin <= 6.28 - Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse vulnerability
Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse vulnerability discovered by Andres Cruciani in WordPress Plugin Formidable Forms versions <= 6.28...
WordPress Appointment Booking Calendar plugin <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint vulnerability
Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint vulnerability discovered by Muhammad Sharief in WordPress Plugin Simply Schedule Appointments versions <= 1.6.9.29...
WordPress Pix for WooCommerce plugin <= 1.5.0 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Alexis Lafontaine in WordPress Plugin Pix for WooCommerce versions <= 1.5.0...
WordPress Social Icons Widget & Block plugin <= 4.5.8 - Missing Authorization to Authenticated (Subscriber+) Sharing Configuration Creation vulnerability
Missing Authorization to Authenticated (Subscriber+) Sharing Configuration Creation vulnerability discovered by darkmode in WordPress Plugin Social Icons Widget & Block by WPZOOM versions <= 4.5.8...
WordPress Calculated Fields Form plugin <= 5.4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Settings vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Form Settings vulnerability discovered by Hunter Jensen skid in WordPress Plugin Calculated Fields Form versions <= 5.4.5.0...