46684 matches found
WordPress Product Table and List Builder for WooCommerce Lite plugin <= 4.6.2 - Unauthenticated Time-Based SQL Injection via 'search' Parameter vulnerability
Unauthenticated Time-Based SQL Injection via 'search' Parameter vulnerability discovered by Nguyen Ba Hung bashu - KCSC in WordPress Plugin WooCommerce Product Table Lite versions <= 4.6.2...
WordPress Master Addons For Elementor plugin <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text' vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text' vulnerability discovered by Thanakorn Bunsin - KMITL in WordPress Plugin Master Addons for Elementor versions <= 2.1.1...
WordPress Quiz Maker plugin <= 6.7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Quiz Maker versions <= 6.7.1.7...
WordPress Ally plugin <= 4.0.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Ally versions <= 4.0.2...
WordPress Advanced AJAX Product Filters plugin <= 3.1.9.6 - Authenticated (Author+) PHP Object Injection via Live Composer Compatibility vulnerability
Authenticated (Author+) PHP Object Injection via Live Composer Compatibility vulnerability discovered by WordFence in WordPress Plugin Advanced AJAX Product Filters versions <= 3.1.9.6...
WordPress Brevo plugin <= 3.3.0 - Unauthenticated Authorization Bypass via Type Juggling vulnerability
Unauthenticated Authorization Bypass via Type Juggling vulnerability discovered by ISMAILSHADOW in WordPress Plugin Brevo versions <= 3.3.0...
WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification vulnerability discovered by Lucas Montes NiRoX in WordPress Plugin Blog2Social versions <= 8.7.4...
WordPress Shield Security plugin <= 21.0.8 - Cross-Site Request Forgery to SQL Injection vulnerability
Cross-Site Request Forgery to SQL Injection vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shield Security versions <= 21.0.8...
WordPress Checkout Field Manager (Checkout Manager) for WooCommerce plugin <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by NosleeP++ in WordPress Plugin WooCommerce Checkout Manager versions <= 7.8.5...
WordPress Prodigy Commerce plugin <= 3.2.9 - Unauthenticated Local File Inclusion via parameters[template_name] vulnerability
Unauthenticated Local File Inclusion via parameters[template_name] vulnerability discovered by WordFence in WordPress Plugin Prodigy Commerce versions <= 3.2.9...
WordPress URL Shortify plugin <= 1.12.3 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Jitlada in WordPress Plugin URL Shortify versions <= 1.12.3...
WordPress Orderable plugin <= 1.20.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Installation vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Installation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Orderable versions <= 1.20.0...
WordPress WP-Lister Lite for eBay plugin <= 3.8.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin WP-Lister Lite for eBay versions <= 3.8.5...
WordPress Two Factor (2FA) Authentication via Email plugin <= 1.9.8 - Two-Factor Authentication Bypass via token vulnerability
Two-Factor Authentication Bypass via token vulnerability discovered by Ulyses Saicha in WordPress Plugin Two Factor (2FA) Authentication via Email versions <= 1.9.8...
WordPress Library Management System plugin <= 3.2.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by WordFence in WordPress Plugin Library Management System versions <= 3.2.1...
WordPress Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent plugin <= 4.1.2 - Missing Authorization to Sensitive Information Exposure vulnerability
Missing Authorization to Sensitive Information Exposure vulnerability discovered by Rafshanzani Suhada in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions <= 4.1.2...
WordPress Video Conferencing with Zoom API plugin < 4.6.6 - Unauthenticated SDK Signature Generation vulnerability
Unauthenticated SDK Signature Generation vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Video Conferencing with Zoom versions < 4.6.6...
WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name vulnerability
WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name vulnerability discovered by WordFence in WordPress Plugin WP Ultimate CSV Importer versions <= 7.37...
WordPress s2Member plugin <= 260127 - Unauthenticated Privilege Escalation via Account Takeover vulnerability
Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by Alyudin Nafiie in WordPress Plugin s2Member versions <= 260127...
WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_profile Function vulnerability
WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_profile Function vulnerability discovered by kr0d in WordPress Plugin IDonate versions 2.1.5-2.1.9...
WordPress Slider Future plugin <= 1.0.5 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Slider Future versions <= 1.0.5...
WordPress Lizza LMS Pro plugin <= 1.0.3 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Lizza LMS Pro versions <= 1.0.3...
WordPress Buyent Theme (with Buyent Classified Plugin) plugin <= 1.0.7 - Unauthenticated Privilege Escalation via User Registration vulnerability
Unauthenticated Privilege Escalation via User Registration vulnerability discovered by シルAsuna in WordPress Theme Buyent versions <= 1.0.7...
WordPress WP AUDIO GALLERY plugin <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation vulnerability
Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP AUDIO GALLERY versions <= 2.0...
WordPress Tablesome Table 0.5.4-1.2.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure and Privilege Escalation vulnerability
Missing Authorization to Authenticated (Subscriber+) Information Exposure and Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Tablesome versions 0.5.4-1.2.1...
WordPress Clasifico Listing plugin <= 2.0 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Clasifico Listing versions <= 2.0...
WordPress Nelio AB Testing plugin <= 8.2.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Nelio AB Testing versions <= 8.2.4...
WordPress Dealia plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes vulnerability discovered by Ronnachai Sretawat Na Ayutaya Simonhaskelly - Reconix Co., Ltd. in WordPress Plugin Dealia versions <= 1.0.6...
WordPress Client Testimonial Slider plugin <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Testimonial Heading' Setting vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'Testimonial Heading' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Client Testimonial Slider versions <= 2.0...
WordPress MP3 Audio Player 4.0-5.10 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure vulnerability
Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure vulnerability discovered by kr0d in WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar versions 4.0-5.10...
WordPress XO Event Calendar plugin <= 3.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin XO Event Calendar versions <= 3.2.10...
WordPress Groups plugin <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'groups_group_info' Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'groups_group_info' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Groups versions <= 3.10.0...
WordPress YaMaps for WordPress plugin <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin YaMaps for WordPress versions <= 0.6.40...
WordPress BackWPup plugin <= 5.6.2 - Authenticated (BackWPup Helper+) Privilege Escalation via Arbitrary Options Update vulnerability
Authenticated (BackWPup Helper+) Privilege Escalation via Arbitrary Options Update vulnerability discovered by 0N0ise - cert.pl in WordPress Plugin BackWPup versions <= 5.6.2...
WordPress Advanced Custom Fields: Font Awesome plugin <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by JongHwan Shin zzzsleep in WordPress Plugin Advanced Custom Fields: Font Awesome Field versions <= 5.0.1...
WordPress Virusdie plugin <= 1.1.7 - Missing Authorization to Authenticated (Subscriber+) API Key Disclosure vulnerability
Missing Authorization to Authenticated (Subscriber+) API Key Disclosure vulnerability discovered by Sushi Com Abacate in WordPress Plugin Virusdie versions <= 1.1.7...
WordPress Image Hotspot by DevVN plugin <= 1.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Meta vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Meta vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Image Hotspot by DevVN versions <= 1.2.9...
WordPress Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin <= 21.0.9 - Missing Authorization to Authenticated (Subscriber+) Email MFA Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Email MFA Update vulnerability discovered by shark3y in WordPress Plugin Shield Security versions <= 21.0.9...
WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.14 - Missing Authorization to Authenticated (Subscriber+) Cloud Service Disconnection vulnerability
Missing Authorization to Authenticated (Subscriber+) Cloud Service Disconnection vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin SEO Plugin by Squirrly SEO versions <= 12.4.14...
WordPress OneClick Chat to Order plugin <= 1.0.9 - Missing Authorization to Authenticated (Editor+) Plugin Settings Update vulnerability
Missing Authorization to Authenticated (Editor+) Plugin Settings Update vulnerability discovered by Mohammad Amin Hajian mamadrce in WordPress Plugin OneClick Chat to Order versions <= 1.0.9...
WordPress Tennis Court Bookings plugin <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings and Calendar Parameters vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings and Calendar Parameters vulnerability discovered by 0x34rth in WordPress Plugin Tennis Court Bookings versions <= 1.2.7...
WordPress salavat counter Plugin plugin <= 0.9.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'image_url' Parameter vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'image_url' Parameter vulnerability discovered by 0x34rth in WordPress Plugin salavat counter versions <= 0.9.5...
WordPress Remove Post Type Slug plugin <= 1.0.2 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Remove Post Type Slug versions <= 1.0.2...
WordPress TalkJS plugin <= 0.1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'welcomeMessage' Parameter vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'welcomeMessage' Parameter vulnerability discovered by 0x34rth in WordPress Plugin TalkJS versions <= 0.1.15...
WordPress Dealia - Request a quote plugin <= 1.0.6 - Missing Authorization to Authenticated (Contributor+) Plugin Configuration Reset vulnerability
WordPress Dealia - Request a quote plugin <= 1.0.6 - Missing Authorization to Authenticated (Contributor+) Plugin Configuration Reset vulnerability discovered by Ronnachai Sretawat Na Ayutaya Simonhaskelly - Reconix Co., Ltd. in WordPress Plugin Dealia versions <= 1.0.6...
WordPress Slidorion plugin <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Slidorion Settings vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Slidorion Settings vulnerability discovered by san6051 - PWC in WordPress Plugin Slidorion versions <= 1.0.2...
WordPress News Element Elementor Blog Magazine plugin <= 1.0.8 - Missing Authorization to Authenticated (Subscriber+) Data Loss vulnerability
Missing Authorization to Authenticated (Subscriber+) Data Loss vulnerability discovered by Legion Hunter in WordPress Plugin News Element Elementor Blog Magazine versions <= 1.0.8...
WordPress Advance Block Extend plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleColor Block Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via TitleColor Block Attribute vulnerability discovered by WordFence in WordPress Plugin Advance Block Extend versions <= 1.0.4...
WordPress Toret Manager plugin <= 1.2.7 - Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions vulnerability
Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions vulnerability discovered by vgo0 in WordPress Plugin Toret Manager versions <= 1.2.7...
WordPress Whatsiplus Scheduled Notification for Woocommerce plugin <= 1.0.1 - Cross-Site Request Forgery to 'wsnfw_save_users_settings' AJAX Action vulnerability
Cross-Site Request Forgery to 'wsnfw_save_users_settings' AJAX Action vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Whatsiplus Scheduled Notification for Woocommerce versions <= 1.0.1...