46684 matches found
WordPress Razorpay for WooCommerce plugin <= 4.7.8 - Missing Authentication to Unauthenticated Order Modification vulnerability
Missing Authentication to Unauthenticated Order Modification vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin Razorpay for WooCommerce versions <= 4.7.8...
WordPress Mega Store Woocommerce plugin <= 5.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation and Settings Change vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation and Settings Change vulnerability discovered by bugzy in WordPress Theme Mega Store Woocommerce versions <= 5.9...
WordPress Breadcrumb NavXT plugin <= 7.5.0 - Missing Authorization to Sensitive Information Exposure vulnerability
Missing Authorization to Sensitive Information Exposure vulnerability discovered by NosleeP++ in WordPress Plugin Breadcrumb NavXT versions <= 7.5.0...
WordPress Country Blocker for AdSense plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Country Blocker for AdSense versions <= 1.0...
WordPress Page Title, Description & Open Graph Updater plugin <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title Modification vulnerability
Cross-Site Request Forgery to Arbitrary Page Title Modification vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Page Title, Description & Open Graph Updater versions <= 1.02...
WordPress Easy Table of Contents plugin <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Jack Taylor in WordPress Plugin Easy Table of Contents versions <= 2.0.78...
WordPress s2Member plugin <= 251005 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin s2Member versions <= 251005...
WordPress Album and Image Gallery Plus Lightbox plugin <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Album and Image Gallery plus Lightbox versions <= 2.1.7...
WordPress Apollo13 Framework Extension plugin <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via `a13_alt_link` Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via `a13_alt_link` Parameter vulnerability discovered by Webbernaut in WordPress Plugin Apollo13 Framework Extensions versions <= 1.9.8...
WordPress Shopire plugin <= 1.0.57 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install vulnerability
Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install vulnerability discovered by Ky0toFu in WordPress Theme Shopire versions <= 1.0.57...
WordPress CTX Feed - WooCommerce Product Feed Manager plugin <= 6.6.11 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Plugin Installation vulnerability
Missing Authorization to Authenticated (Shop Manager+) Arbitrary Plugin Installation vulnerability discovered by DityaRA in WordPress Plugin CTX Feed versions <= 6.6.11...
WordPress Renden plugin <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title vulnerability discovered by Peter Thaleikis in WordPress Theme Renden versions <= 1.8.1...
WordPress Web Accessibility by accessiBe plugin <= 2.11 - Unauthenticated Sensitive Information Exposure vulnerability
Unauthenticated Sensitive Information Exposure vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Web Accessibility By accessiBe versions <= 2.11...
WordPress Advanced Ads - Ad Manager & AdSense plugin <= 2.0.14 - Missing Authorization to Authenticated (Subscriber+) Ad Placements Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Ad Placements Update vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Advanced Ads versions <= 2.0.14...
WordPress Official StatCounter Plugin plugin <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Nickname vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Nickname vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin StatCounter versions <= 2.1.0...
WordPress NewsBlogger <= 0.2.5.6-0.2.6.1 - Cross-Site Request Forgery to Arbitrary Plugin Installation vulnerability
Cross-Site Request Forgery to Arbitrary Plugin Installation vulnerability discovered by luckybuddy in WordPress Theme NewsBlogger versions 0.2.5.6-0.2.6.1...
WordPress Popup Builder plugin <= 4.4.2 - Improper Authorization to Unauthenticated Subscriber Removal via Predictable Tokens vulnerability
Improper Authorization to Unauthenticated Subscriber Removal via Predictable Tokens vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Popup Builder versions <= 4.4.2...
WordPress Drift plugin <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title vulnerability discovered by Peter Thaleikis in WordPress Theme Drift versions <= 1.5.0...
WordPress Easy SVG Support plugin <= 4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Sornram9254 in WordPress Plugin Easy SVG Support versions <= 4.0...
WordPress Printful Integration for WooCommerce plugin <= 2.2.11 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability
Authenticated (Contributor+) Server-Side Request Forgery vulnerability discovered by Adrian Lukita in WordPress Plugin Printful Integration for WooCommerce versions <= 2.2.11...
WordPress ACF Photo Gallery Field plugin <= 3.0 - Missing Authorization to Authenticated (Subscriber+) Attachment Metadata Modification vulnerability
Missing Authorization to Authenticated (Subscriber+) Attachment Metadata Modification vulnerability discovered by Rafshanzani Suhada in WordPress Plugin ACF Photo Gallery Field versions <= 3.0...
WordPress Mesmerize Companion plugin <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update vulnerability
Missing Authorization Authenticated (Subscriber+) Settings Update vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Mesmerize Companion versions <= 1.6.158...
WordPress Mailchimp List Subscribe Form plugin <= 2.0.0 - Cross-Site Request Forgery to Mailchimp List Change vulnerability
Cross-Site Request Forgery to Mailchimp List Change vulnerability discovered by SHIVAM KUMAR in WordPress Plugin Mailchimp List Subscribe Form versions <= 2.0.0...
WordPress Booking Calendar plugin <= 10.14.14 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Settings Modification vulnerability
Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Settings Modification vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Booking Calendar versions <= 10.14.14...
WordPress WP All Export plugin <= 1.4.14 - Unauthenticated Sensitive Information Exposure via PHP Type Juggling vulnerability
Unauthenticated Sensitive Information Exposure via PHP Type Juggling vulnerability discovered by Vincent Theriault-Laine in WordPress Plugin Export any WordPress data to XML/CSV versions <= 1.4.14...
WordPress The Plus Addons for Elementor plugin <= 6.4.7 - Incorrect Authorization to Authenticated (Author+) Arbitrary Draft Post Creation via 'post_type' vulnerability
Incorrect Authorization to Authenticated (Author+) Arbitrary Draft Post Creation via 'post_type' vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions <= 6.4.7...
WordPress Bookster - WordPress Appointment Booking Plugin plugin <= 2.1.1 - Authenticated (Administrator+) SQL Injection via 'raw' vulnerability
Authenticated (Administrator+) SQL Injection via 'raw' vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Bookster versions <= 2.1.1...
WordPress WP-DownloadManager plugin <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'file' Parameter vulnerability
Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'file' Parameter vulnerability discovered by n4ur15 in WordPress Plugin WP-DownloadManager versions <= 1.69...
WordPress WpEvently plugin <= 5.1.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin WpEvently versions <= 5.1.1...
WordPress Valenti theme <= 5.6.3.5 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Valenti versions <= 5.6.3.5...
WordPress Aruba HiSpeed Cache plugin <= 3.0.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Aruba HiSpeed Cache versions <= 3.0.4...
WordPress Grand Restaurant theme <= 7.0.10 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Grand Restaurant versions <= 7.0.10...
WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Image Photo Gallery Final Tiles Grid versions <= 3.6.10...
WordPress Mail Mint plugin <= 1.19.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin Mail Mint versions <= 1.19.4...
WordPress IMGspider plugin <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload_img_file' vulnerability
Authenticated (Contributor+) Arbitrary File Upload via 'upload_img_file' vulnerability discovered by István Márton - Wordfence in WordPress Plugin IMGspider versions <= 2.3.10...
WordPress Import Eventbrite Events plugin <= 1.7.4 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Import Eventbrite Events versions <= 1.7.4...
WordPress RSS Aggregator plugin <= 5.0.10 - Reflected Cross-Site Scripting via 'template' Parameter vulnerability
Reflected Cross-Site Scripting via 'template' Parameter vulnerability discovered by zer0gh0st in WordPress Plugin WP RSS Aggregator versions <= 5.0.10...
WordPress FluentForm plugin <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields vulnerability discovered by zer0gh0st in WordPress Plugin FluentForm versions <= 5.1.19...
WordPress LiquidPoll plugin <= 3.3.78 - Unauthenticated Stored Cross-Site Scripting via form_data Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via form_data Parameter vulnerability discovered by zer0gh0st in WordPress Plugin LiquidPoll versions <= 3.3.78...
WordPress ARForms plugin <= 1.5.8 - Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url vulnerability
Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url vulnerability discovered by drop in WordPress Plugin ARForms Form Builder versions <= 1.5.8...
WordPress Formidable Forms plugin <= 6.7 - HTML Injection vulnerability
HTML Injection vulnerability discovered by drop in WordPress Plugin Formidable Forms versions <= 6.7...
WordPress tagDiv Composer plugin <= 5.0 - Reflected Cross-Site Scripting via envato_code[] vulnerability
Reflected Cross-Site Scripting via envato_code[] vulnerability discovered by Truoc Phan - Techlab Corporation in WordPress Plugin tagDiv Composer versions <= 5.0...
WordPress Premmerce plugin <= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Premmerce versions <= 1.3.20...
WordPress Subitem AL Slider plugin <= 1.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Subitem AL Slider versions <= 1.0.0...
WordPress Product Addons for Woocommerce - Product Options with Custom Fields plugin <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter vulnerability
Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Product Addons for Woocommerce versions <= 3.1....
WordPress Download Manager plugin <= 3.3.46 - Reflected Cross-Site Scripting via 'redirect_to' Parameter vulnerability
Reflected Cross-Site Scripting via 'redirect_to' Parameter vulnerability discovered by Jack Taylor in WordPress Plugin Download Manager versions <= 3.3.46...
WordPress ShopLentor plugin <= 3.3.2 - Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action vulnerability
Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action vulnerability discovered by Teerachai Somprasong in WordPress Plugin ShopLentor versions <= 3.3.2...
WordPress Rent Fetch plugin <= 0.32.4 - Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter vulnerability discovered by WordFence in WordPress Plugin Rent Fetch versions <= 0.32.6...
WordPress WPNakama plugin <= 0.6.5 - Unauthenticated SQL Injection via 'order' REST API Parameter vulnerability
Unauthenticated SQL Injection via 'order' REST API Parameter vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WPNakama versions <= 0.6.5...
WordPress Taskbuilder plugin <= 5.0.2 - Authenticated (Subscriber+) SQL Injection via 'order' and 'sort_by' Parameters vulnerability
Authenticated (Subscriber+) SQL Injection via 'order' and 'sort_by' Parameters vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Taskbuilder versions <= 5.0.2...