46702 matches found
WordPress Melody theme <= 1.6.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Melody versions <= 1.6.3...
WordPress Beelove theme <= 1.2.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Beelove versions <= 1.2.6...
WordPress Meta Box plugin <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion vulnerability
Authenticated (Contributor+) Arbitrary File Deletion vulnerability discovered by JongHwan Shin zzzsleep in WordPress Plugin Meta Box – WordPress Custom Fields Framework versions <= 5.11.1...
WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage vulnerability
WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress...
WordPress WP App Bar plugin <= 1.5 - Unauthenticated Stored Cross-Site Scripting via 'app-bar-features' Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via 'app-bar-features' Parameter vulnerability discovered by 0x34rth in WordPress Plugin WP App Bar versions <= 1.5...
WordPress Paid Videochat Turnkey Site - HTML5 PPV Live Webcams plugin <= 7.3.20 - Authenticated (Author+) Privilege Escalation vulnerability
WordPress Paid Videochat Turnkey Site - HTML5 PPV Live Webcams plugin <= 7.3.20 - Authenticated (Author+) Privilege Escalation vulnerability discovered by Peter Thaleikis in WordPress Plugin Paid Videochat Turnkey Site versions <= 7.3.20...
WordPress JS Archive List plugin <= 6.1.7 - Authenticated (Contributor+) PHP Object Injection via 'included' Shortcode Attribute vulnerability
Authenticated (Contributor+) PHP Object Injection via 'included' Shortcode Attribute vulnerability discovered by WordFence in WordPress Plugin JS Archive List versions <= 6.1.7...
WordPress CM Custom Reports plugin <= 1.2.7 - Reflected Cross-Site Scripting via 'date_from' and 'date_to' Parameters vulnerability
Reflected Cross-Site Scripting via 'date_from' and 'date_to' Parameters vulnerability discovered by san6051 - PWC in WordPress Plugin CM Custom WordPress Reports and Analytics versions <= 1.2.7...
WordPress ZIP Code Based Content Protection plugin <= 1.0.2 - Unauthenticated SQL Injection via 'zipcode' Parameter vulnerability
Unauthenticated SQL Injection via 'zipcode' Parameter vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ZIP Code Based Content Protection versions <= 1.0.2...
WordPress Themify Event Post plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by zaim in WordPress Plugin Themify Event Post versions <= 1.3.4...
WordPress Podlove Podcast Publisher plugin <= 4.3.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by zaim in WordPress Plugin Podlove Podcast Publisher versions <= 4.3.3...
WordPress Atarim plugin <= 4.3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Atarim versions <= 4.3.2...
WordPress Contact Form by WPForms plugin <= 1.9.9.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by davidfdzmorilla in WordPress Plugin Contact Form by WPForms versions <= 1.9.9.3...
WordPress Elementor Website Builder plugin <= 3.35.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by davidfdzmorilla in WordPress Plugin Elementor Website Builder versions <= 3.35.5...
WordPress LotekMedia Popup Form plugin <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by Hieus in WordPress Plugin LotekMedia Popup Form versions <= 1.0.6...
WordPress Carta Online plugin <= 2.13.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by 0x34rth in WordPress Plugin Carta Online versions <= 2.13.0...
WordPress True Ranker plugin <= 2.2.9 - Cross-Site Request Forgery to Unauthorized True Ranker Disconnection vulnerability
Cross-Site Request Forgery to Unauthorized True Ranker Disconnection vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin True Ranker versions <= 2.2.9...
WordPress Infomaniak Connect for OpenID plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Infomaniak Connect for OpenID versions <= 1.0.2...
WordPress Font Pairing Preview For Landing Pages plugin <= 1.3 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Font Pairing Preview For Landing Pages versions <= 1.3...
WordPress Show YouTube video plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Show YouTube video versions <= 1.1...
WordPress Purchase Button For Affiliate Link plugin <= 1.0.2 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Purchase Button For Affiliate Link versions <= 1.0.2...
WordPress DA Media GigList plugin <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'list_title' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'list_title' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin DA Media GigList versions <= 1.9.0...
WordPress Consensus Embed plugin <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Consensus Embed versions <= 1.6...
WordPress Media Library Alt Text Editor plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_id' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_id' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Media Library Alt Text Editor versions <= 1.0.0...
WordPress The Guardian News Feed plugin <= 1.2 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin The Guardian News Feed versions <= 1.2...
WordPress MyQtip - easy qTip2 plugin <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
WordPress MyQtip - easy qTip2 plugin <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by zaim in WordPress Plugin MyQtip – easy qTip2 versions <= 2.0.5...
WordPress Wueen plugin <= 0.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via plugin's Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via plugin's Shortcode vulnerability discovered by zaim in WordPress Plugin Wueen versions <= 0.2.0...
WordPress MDJM Event Management plugin <= 1.7.8.1 - Missing Authorization to Unauthenticated Arbitrary Custom Event Field Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Custom Event Field Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Mobile DJ Manager versions <= 1.7.8.1...
WordPress MailArchiver plugin <= 4.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability discovered by Ronnachai Chaipha rxnr - Reconix Co., Ltd. in WordPress Plugin MailArchiver versions <= 4.4.0...
WordPress Community Events plugin <= 1.5.8 - Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field vulnerability
Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field vulnerability discovered by Bee - FPT University in WordPress Plugin Community Events versions <= 1.5.8...
WordPress ProfileGrid plugin <= 5.9.8.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion vulnerability discovered by WordFence in WordPress Plugin ProfileGrid versions <= 5.9.8.1...
WordPress ProfileGrid plugin <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/Denial vulnerability
Cross-Site Request Forgery to Group Membership Request Approval/Denial vulnerability discovered by WordFence in WordPress Plugin ProfileGrid versions <= 5.9.8.2...
WordPress Stock Ticker plugin <= 3.26.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Template vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Template vulnerability discovered by WordFence in WordPress Plugin Stock Ticker versions <= 3.26.1...
WordPress Easy PHP Settings plugin <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting vulnerability
Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Easy PHP Settings versions <= 1.0.4...
WordPress Hammas Calendar plugin <= 1.5.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'apix' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'apix' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Hammas Calendar versions <= 1.5.11...
WordPress WP Frontend Profile plugin <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection vulnerability
Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection vulnerability discovered by johska in WordPress Plugin WP Frontend Profile versions <= 1.3.8...
WordPress Greenshift plugin <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load' vulnerability
Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load' vulnerability discovered by Lucas Montes NiRoX in WordPress Plugin Greenshift versions <= 12.8.3...
WordPress Winston AI plugin <= 0.0.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion vulnerability discovered by Legion Hunter in WordPress Plugin HUMN-1 AI Website Scanner & Human Certification by Winston AI versions <= 0.0.3...
WordPress Wizor's theme <= 2.12 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Wizor's versions <= 2.12...
WordPress VegaDays theme <= 1.2.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme VegaDays versions <= 1.2.0...
WordPress Unica theme <= 1.4.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Unica versions <= 1.4.1...
WordPress Roisin theme <= 1.2.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Roisin versions <= 1.2.1...
WordPress NeoBeat theme <= 1.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme NeoBeat versions <= 1.2...
WordPress Amoli theme <= 1.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Amoli versions <= 1.0...
WordPress WP All Import plugin <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath' vulnerability
Reflected Cross-Site Scripting via 'filepath' vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin WP All Import versions <= 4.0.0...
WordPress WowOptin: Next-Gen Popup Maker - Create Stunning Popups and Optins for Lead Generation plugin <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Installation vulnerability
WordPress WowOptin: Next-Gen Popup Maker - Create Stunning Popups and Optins for Lead Generation plugin <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Installation vulnerability discovered by WordFence in WordPress Plugin WowOptin versions <= 1.4.24...
WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.9.5 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Thomas Sanzey in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions <= 1.3.9.5...
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv' vulnerability
Unauthenticated PHP Object Injection via 'download_csv' vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin Contact Form Entries versions <= 1.4.7...
WordPress Greenshift - animation and page builder blocks plugin <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup vulnerability
WordPress Greenshift - animation and page builder blocks plugin <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Greenshift versions <= 12.8.3...
WordPress Greenshift - animation and page builder blocks plugin <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress Greenshift - animation and page builder blocks plugin <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Greenshift versions <= 12.8.5...