WordPress Advance Nav Menu Manager plugin <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification vulnerability
Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification vulnerability discovered by Hardik Patel in WordPress Plugin Advance Nav Menu Manager versions <= 1.3...
WordPress SearchPlus plugin <= 1.7.1 - Missing Authorization to Unauthenticated Settings Modification and Deletion vulnerability
Missing Authorization to Unauthenticated Settings Modification and Deletion vulnerability discovered by Legion Hunter in WordPress Plugin SearchPlus versions <= 1.7.1...
WordPress Assistio plugin <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) Plugin Settings Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Assistio versions <= 1.1.2...
WordPress Secufor_OAuth plugin <= 1.0.7 - Missing Authorization to Unauthenticated Account Logout vulnerability
Missing Authorization to Unauthenticated Account Logout vulnerability discovered by SHIVAM KUMAR in WordPress Plugin Secufor_OAuth versions <= 1.0.7...
WordPress MP Customize Login Page plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin MP Customize Login Page versions <= 1.0...
WordPress Themify Store Locator plugin <= 1.2.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Store Locator versions <= 1.2.0...
WordPress Themify Event Post plugin <= 1.3.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Event Post versions <= 1.3.3...
WordPress Xpro Addons — 140+ Widgets for Elementor plugin <= 1.7.2 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting vulnerability discovered by Huazu Jiang anjhz0318 - Tsinghua University in WordPress Plugin Xpro Elementor Addons versions <= 1.7.2...
WordPress Themify Portfolio Post plugin <= 1.2.9 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Portfolio Post versions <= 1.2.9...
WordPress Themify Popup plugin <= 1.4.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Themify Popup versions <= 1.4.3...
WordPress 워드프레스 결제 심플페이 plugin <= 5.5.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by qdtad in WordPress Plugin 워드프레스 결제 심플페이 versions <= 5.5.6...
WordPress BitFire Security plugin <= 5.0.3 - Multiple Vulnerabilities vulnerability
Multiple Vulnerabilities vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin BitFire Security versions <= 5.0.3...
WordPress Library Management System plugin <= 3.5.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Benedictus Jovan aillesim/eneri in WordPress Plugin Library Management System versions <= 3.5.7...
WordPress Dokan Pro plugin <= 5.0.4 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by VanTastic in WordPress Plugin Dokan Pro versions <= 5.0.4...
WordPress Buddyboss Platform plugin <= 3.0.4 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by dutafi in WordPress Plugin Buddyboss Platform versions <= 3.0.4...
WordPress utm.codes plugin <= 1.9.0 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by theviper17 in WordPress Plugin utm.codes versions <= 1.9.0...
WordPress Uncanny Automator plugin <= 7.3.1.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin Uncanny Automator versions <= 7.3.1.2...
WordPress Paytium plugin <= 5.0.2 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Nabil Irawan in WordPress Plugin Paytium versions <= 5.0.2...
WordPress CorvusPay WooCommerce Payment Gateway plugin <= 2.7.4 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by ParkHyunWoo in WordPress Plugin CorvusPay WooCommerce Payment Gateway versions <= 2.7.4...
WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.9 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Evan NR in WordPress Plugin Easy Elements for Elementor Addons & Website Templates versions <= 1.4.9...
WordPress Booster for WooCommerce plugin <= 8.0.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Jakub Herman in WordPress Plugin Booster for WooCommerce versions <= 8.0.1...
WordPress Italian Restaurant theme <= 3.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Italian Restaurant versions <= 3.0.2...
WordPress MainWP Child plugin <= 6.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by mcdruid in WordPress Plugin MainWP Child versions <= 6.1.1...
WordPress Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin <= 2.11.4 - Authenticated (Contributor+) Account Takeover vulnerability
Authenticated (Contributor+) Account Takeover vulnerability discovered by tiborisaak in WordPress Plugin Ultimate Member versions <= 2.11.4...
NPM: devbridge-autocomplete has XSS in its default formatters: formatGroup and formatResult fail to escape HTML in untrusted inputs
NPM: devbridge-autocomplete has XSS in its default formatters: formatGroup and formatResult fail to escape HTML in untrusted inputs vulnerability discovered by ? in WordPress Npm devbridge-autocomplete versions = 2.0.0...
NPM: scimPatch vulnerable to prototype pollution via unfiltered keys in patch
NPM: scimPatch vulnerable to prototype pollution via unfiltered keys in patch vulnerability discovered by ? in WordPress Npm scim-patch versions = 0.9.0...
WordPress Transbank Webpay plugin < 1.14.0 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Mateo Contenla & Matías Schiappacasse in WordPress Plugin Transbank Webpay REST versions < 1.14.0...
WordPress CF7 Auto Responder Addon plugin < 2.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin CF7 Auto Responder Addon versions < 2.5...
WordPress LBG Zoominoutslider plugin <= 5.4.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin LBG Zoominoutslider versions <= 5.4.4...
WordPress Vitepos plugin < 3.4.2 - Outlet Manager+ Privilege Escalation vulnerability
Outlet Manager+ Privilege Escalation vulnerability discovered by RealKingEngine ISAL FRAMEWORK in WordPress Plugin Vitepos versions < 3.4.2...
WordPress Simple File List plugin <= 6.3.7 - Missing Authorization to Unauthenticated File Modification via simplefilelist_edit_job AJAX Action vulnerability
Missing Authorization to Unauthenticated File Modification via simplefilelist_edit_job AJAX Action vulnerability discovered by WordFence in WordPress Plugin Simple File List versions <= 6.3.7...
WordPress Simple File List plugin <= 6.3.7 - Unauthenticated Arbitrary File Deletion via Path Traversal in 'eeSubFolder' Parameter vulnerability
Unauthenticated Arbitrary File Deletion via Path Traversal in 'eeSubFolder' Parameter vulnerability discovered by WordFence in WordPress Plugin Simple File List versions <= 6.3.7...
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability
Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability discovered by daroo in WordPress Plugin Contact Form Entries versions <= 1.5.1...
WordPress Branda - White Label & Branding, Free Login Page Customizer plugin <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability
WordPress Branda - White Label & Branding, Free Login Page Customizer plugin <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin Branda versions <= 3.4.29...
WordPress Motors Car Dealership & Classified Listings plugin < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media vulnerability
Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media vulnerability discovered by Mustafa Ahmed in WordPress Plugin Motors versions < 1.4.110...
WordPress Pie Register plugin < 3.8.4.10 - Unauthenticated Email Verification Bypass via Predictable Token vulnerability
Unauthenticated Email Verification Bypass via Predictable Token vulnerability discovered by Haitam Lazaar in WordPress Plugin Pie Register versions < 3.8.4.10...
WordPress Simple File List plugin <= 6.3.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Operations (Deletion / Move / Folder Creation / Download) via 'frontmanage' Shortcode Attribute vulnerability
Missing Authorization to Authenticated (Contributor+) Arbitrary File Operations (Deletion / Move / Folder Creation / Download) via 'frontmanage' Shortcode Attribute vulnerability discovered by WordFence in WordPress Plugin Simple File List versions <= 6.3.7...
WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by nobody09 in WordPress Plugin User Registration versions <= 5.2.2...
NPM: appium-mcp: Unescaped Locator Data XSS in MCP-UI Resource (createLocatorGeneratorUI)
NPM: appium-mcp: Unescaped Locator Data XSS in MCP-UI Resource (createLocatorGeneratorUI) vulnerability discovered by ? in WordPress Npm appium-mcp versions = 1.85.9...
NPM: parse-server: LiveQuery discloses object data to a subscriber across an ACL read-access change
NPM: parse-server: LiveQuery discloses object data to a subscriber across an ACL read-access change vulnerability discovered by ? in WordPress Npm parse-server versions = 8.6.82...
NPM: SearXNG MCP Server: DNS-resolved Private Hostname SSRF in `web_url_read`
NPM: SearXNG MCP Server: DNS-resolved Private Hostname SSRF in `web_url_read` vulnerability discovered by ? in WordPress Npm mcp-searxng versions 1.7.1...
NPM: SearXNG MCP Server: Unbounded Response Body Read Bypasses URL Size Limit in `web_url_read`
NPM: SearXNG MCP Server: Unbounded Response Body Read Bypasses URL Size Limit in `web_url_read` vulnerability discovered by ? in WordPress Npm mcp-searxng versions 1.7.1...
NPM: Network-AI: EnvironmentManager.restore() backup ID path traversal copies arbitrary directories into environment data
NPM: Network-AI: EnvironmentManager.restore() backup ID path traversal copies arbitrary directories into environment data vulnerability discovered by ? in WordPress Npm network-ai versions = 5.12.1...
NPM: Network-AI: EnvironmentManager.backup() follows symlinked directories and copies files outside the environment root into backups
NPM: Network-AI: EnvironmentManager.backup() follows symlinked directories and copies files outside the environment root into backups vulnerability discovered by ? in WordPress Npm network-ai versions = 5.12.1...
NPM: Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions
NPM: Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions vulnerability discovered by ? in WordPress Npm network-ai versions = 5.0.0, = 5.12.1...
NPM: Network-AI: AgentRuntime sandbox path-prefix checks allow file access outside the configured base directory
NPM: Network-AI: AgentRuntime sandbox path-prefix checks allow file access outside the configured base directory vulnerability discovered by ? in WordPress Npm network-ai versions = 5.12.1...
NPM: Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning
NPM: Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning vulnerability discovered by ? in WordPress Npm network-ai versions = 5.12.1...
NPM: TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover
NPM: TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover vulnerability discovered by ? in WordPress Npm tinacms versions 3.9.3...
NPM: flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key
NPM: flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key vulnerability discovered by ? in WordPress Npm flat-to-nested versions = 1.1.1...
NPM: Kozou: Unauthenticated MCP HTTP server and bundled dev-stack hardening (DNS-rebinding, request-body limits, read-only reads, default network exposure)
NPM: Kozou: Unauthenticated MCP HTTP server and bundled dev-stack hardening (DNS-rebinding, request-body limits, read-only reads, default network exposure) vulnerability discovered by ? in WordPress Npm kozou versions = 1.8.0...