46684 matches found
WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.7 - Unauthenticated Email Relay vulnerability
WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin = 6.4.7 - Unauthenticated Email Relay vulnerability discovered by jtwings - Puramu in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.4.7...
WordPress Conditional CAPTCHA plugin <= 4.0.0 - Open Redirect vulnerability
Open Redirect vulnerability discovered by Bob Matyas in WordPress Plugin Conditional CAPTCHA versions = 4.0.0...
WordPress Musico theme <= 3.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Musico versions = 3.2.4...
WordPress Celeste theme <= 1.3.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Celeste versions = 1.3.6...
WordPress Chaty plugin <= 3.5.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin Chaty versions = 3.5.1...
WordPress Tablesome plugin <= 1.2.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Tablesome versions = 1.2.3...
WordPress WooCommerce Order Details plugin <= 3.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WooCommerce Order Details versions = 3.1...
WordPress Gecko theme <= 1.9.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Gecko versions = 1.9.8...
WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme <= 2.2.7 - Reflected Cross Site Scripting (XSS) vulnerability
WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme = 2.2.7 - Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Claue - Clean, Minimal Elementor WooCommerce Theme versions = 2.2.7...
WordPress NextScripts plugin <= 4.4.7 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin NextScripts versions = 4.4.7...
WordPress Ebook Store plugin <= 5.8001 - Reflected Cross-Site Scripting via 'step' vulnerability
Reflected Cross-Site Scripting via 'step' vulnerability discovered by nvthien in WordPress Plugin Ebook Store versions = 5.8001...
WordPress WP Ad Guru plugin <= 2.5.4 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin WP Ad Guru versions = 2.5.4...
WordPress Aora theme <= 1.3.15 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Aora versions = 1.3.15...
WordPress Metro theme <= 2.13 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Metro versions = 2.13...
WordPress Metro theme <= 2.13 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Metro versions = 2.13...
WordPress W3 Total Cache plugin <= 2.9.1 - Arbitrary Code Execution vulnerability
Arbitrary Code Execution vulnerability discovered by CODE WHITE GmbH in WordPress Plugin W3 Total Cache versions = 2.9.1...
WordPress DesignThemes Portfolio plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin DesignThemes Portfolio versions = 1.3...
WordPress DesignThemes Directory Addon plugin <= 1.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin DesignThemes Directory Addon versions = 1.8...
WordPress DesignThemes Booking Manager plugin <= 2.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin DesignThemes Booking Manager versions = 2.0...
WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.1 - Account Takeover vulnerability
Account Takeover vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WeDesignTech Ultimate Booking Addon versions = 1.0.1...
WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.1 - Account Takeover vulnerability
Account Takeover vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WeDesignTech Ultimate Booking Addon versions = 1.0.1...
WordPress Classified Listing plugin <= 5.3.4 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin Classified Listing versions = 5.3.4...
WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Directory Pro versions = 2.5.6...
WordPress Really Simple Security Pro plugin <= 9.5.4.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by dcodx in WordPress Plugin Really Simple Security Pro versions = 9.5.4.0...
WordPress My Tickets plugin <= 2.1.0 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin My Tickets versions = 2.1.0...
WordPress Profile Builder Pro plugin <= 3.13.9 - SQL Injection vulnerability
SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Profile Builder Pro versions = 3.13.9...
WordPress SiteGuard WP Plugin plugin <= 1.7.9 - Captcha Bypass vulnerability
Captcha Bypass vulnerability discovered by Ahmad in WordPress Plugin SiteGuard WP Plugin versions = 1.7.9...
WordPress Eagle Booking plugin <= 1.3.4.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds in WordPress Plugin Eagle Booking versions = 1.3.4.3...
WordPress Sweet Date theme < 4.0.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Sweet Date versions 4.0.1...
WordPress Tennis Club theme <= 1.2.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Tennis Club versions = 1.2.3...
WordPress Kingler theme <= 1.7 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Kingler versions = 1.7...
WordPress Dentario theme <= 1.5 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Dentario versions = 1.5...
WordPress Simple Membership plugin <= 4.7.0 - Unauthenticated Improper Handling of Missing Values vulnerability
Unauthenticated Improper Handling of Missing Values vulnerability discovered by 0N0ise - cert.pl in WordPress Plugin Simple Membership versions = 4.7.0...
WordPress WP Customer Reviews plugin <= 3.7.5 - Reflected Cross-Site Scripting via 'wpcr3_fname' Parameter vulnerability
Reflected Cross-Site Scripting via 'wpcr3fname' Parameter vulnerability discovered by WordFence in WordPress Plugin WP Customer Reviews versions = 3.7.5...
WordPress Shield Security plugin <= 21.0.8 - Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter vulnerability
Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shield Security versions = 21.0.8...
WordPress xmlrpc attacks blocker plugin <= 1.0 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' vulnerability
Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin xmlrpc attacks blocker versions = 1.0...
WordPress iXML - Google XML sitemap generator plugin <= 0.6 - Reflected Cross-Site Scripting via 'iXML_email' Parameter vulnerability
WordPress iXML - Google XML sitemap generator plugin = 0.6 - Reflected Cross-Site Scripting via 'iXMLemail' Parameter vulnerability discovered by johska in WordPress Plugin iXML versions = 0.6...
WordPress Easy Author Image plugin <= 1.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Picture URL vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via Profile Picture URL vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Easy Author Image versions = 1.7...
WordPress Wholesale Suite plugin <= 2.2.6 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Teemu Saarentaus in WordPress Plugin Wholesale Suite versions = 2.2.6...
WordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Teemu Saarentaus in WordPress Plugin Woocommerce Wholesale Lead Capture versions = 2.0.3.1...
WordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Teemu Saarentaus in WordPress Plugin Woocommerce Wholesale Lead Capture versions = 2.0.3.1...
WordPress EventPrime plugin <= 4.2.8.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin EventPrime versions = 4.2.8.3...
WordPress Smartsupp - live chat, AI shopping assistant and chatbots plugin <= 3.9.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
WordPress Smartsupp - live chat, AI shopping assistant and chatbots plugin = 3.9.1 - Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Smartsupp – live chat, chatbots, AI and lead generation versions = 3.9.1...
WordPress Checkout Field Manager (Checkout Manager) for WooCommerce plugin <= 7.8.1 - Unauthenticated Limited File Upload vulnerability
Unauthenticated Limited File Upload vulnerability discovered by Jamiryoo in WordPress Plugin WooCommerce Checkout Manager versions = 7.8.1...
WordPress Aruba HiSpeed Cache plugin <= 3.0.2 - Missing Authorization to Unauthenticated Plugin's Settings Modification vulnerability
Missing Authorization to Unauthenticated Plugin's Settings Modification vulnerability discovered by mikemyers in WordPress Plugin Aruba HiSpeed Cache versions = 3.0.2...
WordPress Ads Pro plugin <= 5.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions = 5.0...
WordPress Aruba HiSpeed Cache plugin <= 3.0.2 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by mikemyers in WordPress Plugin Aruba HiSpeed Cache versions = 3.0.2...
WordPress Ultimate Member plugin <= 2.11.1 - Reflected Cross-Site Scripting via Filter Parameters vulnerability
Reflected Cross-Site Scripting via Filter Parameters vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Ultimate Member versions = 2.11.1...
WordPress Image Optimizer by Elementor plugin <= 1.7.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Image Optimizer by Elementor versions = 1.7.1...
WordPress wpForo Forum plugin <= 2.4.14 - Unauthenticated Time-Based SQL Injection vulnerability
Unauthenticated Time-Based SQL Injection vulnerability discovered by Youssef Elouaer in WordPress Plugin wpForo Forum versions = 2.4.14...