46684 matches found
WordPress Business Directory Plugin plugin <= 6.4.21 - Unauthenticated SQL Injection via payment Parameter vulnerability
Unauthenticated SQL Injection via payment Parameter vulnerability discovered by Sein Linn in WordPress Plugin Business Directory versions = 6.4.21...
WordPress Spa and Salon theme <= 1.3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Spa and Salon versions = 1.3.2...
WordPress RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment vulnerability
WordPress RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin = 6.0.6.9 - Unauthenticated Payment Bypass via rmprocesspaypalsdkpayment vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin RegistrationMagi...
WordPress Complianz | GDPR/CCPA Cookie Consent plugin <= 7.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Complianz versions = 7.4.3...
WordPress User Submitted Posts plugin <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter vulnerability
Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter vulnerability discovered by type5afe in WordPress Plugin User Submitted Posts versions = 20260113...
WordPress Video Share VOD plugin <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values vulnerability
Authenticated Editor+ Stored Cross-Site Scripting via Custom Field Meta Values vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Video Share VOD versions = 2.7.11...
WordPress SiteOrigin Widgets Bundle plugin <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by bashu - KCSC in WordPress Plugin SiteOrigin Widgets Bundle versions = 1.70.4...
WordPress WP Event Aggregator plugin <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by WordFence in WordPress Plugin WP Event Aggregator versions = 1.8.7...
WordPress Community Events plugin <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ce_venue_name' Parameter vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'cevenuename' Parameter vulnerability discovered by Bee - FPT University in WordPress Plugin Community Events versions = 1.5.7...
WordPress Business Directory Plugin plugin <= 6.4.20 - Missing Authorization to Unauthenticated Arbitrary Listing Modification vulnerability
Missing Authorization to Unauthenticated Arbitrary Listing Modification vulnerability discovered by Sein Linn in WordPress Plugin Business Directory versions = 6.4.20...
WordPress EventPrime plugin <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Event Modification via 'eventid' Parameter vulnerability discovered by Supoj Polsawas sp0x5ec in WordPress Plugin EventPrime versions = 4.2.8.4...
WordPress WP-DownloadManager plugin <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'download_path' Parameter vulnerability
Authenticated Administrator+ Path Traversal to Arbitrary File Read via 'downloadpath' Parameter vulnerability discovered by n4ur15 in WordPress Plugin WP-DownloadManager versions = 1.69...
WordPress Dam Spam plugin <= 1.0.8 - Cross-Site Request Forgery to Arbitrary Pending Comment Deletion vulnerability
Cross-Site Request Forgery to Arbitrary Pending Comment Deletion vulnerability discovered by Duong Quang Hao in WordPress Plugin Dam Spam versions = 1.0.8...
WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability
Missing Authorization to Authenticated Shop Manager+ License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...
WordPress Kali Forms plugin <= 2.4.8 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data Exposure vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Form Data Exposure vulnerability discovered by Youssef Elouaer in WordPress Plugin Kali Forms versions = 2.4.8...
WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation vulnerability
Missing Authorization to Authenticated Shop Manager+ Plugin Installation and Activation vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...
WordPress YayMail plugin <= 4.3.2 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements vulnerability
Authenticated Shop Manager+ Stored Cross-Site Scripting via Template Elements vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...
WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action vulnerability
Missing Authorization to Authenticated Shop Manager+ Arbitrary Options Update via 'yaymailimportstate' AJAX Action vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions = 4.3.2...
WordPress Private Comment plugin <= 0.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Label Text Setting vulnerability discovered by Supoj Polsawas sp0x5ec in WordPress Plugin Private Comment versions = 0.0.4...
WordPress InteractiveCalculator for WordPress plugin <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin InteractiveCalculator for WordPress versions = 1.0.3...
WordPress Cart All In One For WooCommerce plugin <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting vulnerability
Authenticated Administrator+ Code Injection via 'scassignpage' Setting vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Cart All In One For WooCommerce versions = 1.1.21...
WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload vulnerability
Missing Authorization to Authenticated Contributor+ Unauthorized Media Upload vulnerability discovered by Ali Sünbül in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.6.1...
WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter vulnerability
Authenticated Contributor+ Server-Side Request Forgery via 'endpoint' Parameter vulnerability discovered by Ali Sünbül in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.6.1...
WordPress Taskbuilder plugin <= 5.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Project/Task Comment Creation vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Project/Task Comment Creation vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Taskbuilder versions = 5.0.2...
WordPress Keybase.io Verification plugin <= 1.4.5 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Keybase.io Verification versions = 1.4.5...
WordPress PDF Invoices & Packing Slips for WooCommerce plugin <= 5.6.0 - Missing Authorization to Authenticated (Subscriber+) Peppol Identifier Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Peppol Identifier Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WooCommerce PDF Invoices & Packing Slips versions = 5.6.0...
WordPress WP Plugin Info Card plugin <= 6.2.0 - Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation vulnerability
Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation vulnerability discovered by Duong Quang Hao in WordPress Plugin WP Plugin Info Card versions = 6.2.0...
WordPress Membership Plugin - Restrict Content plugin <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings vulnerability
WordPress Membership Plugin - Restrict Content plugin = 3.2.18 - Authenticated Administrator+ Stored Cross-Site Scripting via Invoice Settings vulnerability discovered by Miguel Santareno in WordPress Plugin Restrict Content versions = 3.2.18...
WordPress VK All in One Expansion Unit plugin <= 9.112.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via SNS Title vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via SNS Title vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin VK All in One Expansion Unit versions = 9.112.3...
WordPress Tickera - WordPress Event Ticketing plugin <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status Update vulnerability
WordPress Tickera - WordPress Event Ticketing plugin = 3.5.6.4 - Missing Authorization to Authenticated Subscriber+ Event/Post Status Update vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Tickera versions = 3.5.6.4...
WordPress Popup Box - Easily Create WordPress Popups plugin <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress Popup Box - Easily Create WordPress Popups plugin = 3.2.12 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Popup Box versions = 3.2.12...
WordPress Context Blog theme <= 1.2.5 - Unauthenticated Private Post Disclosure vulnerability
Unauthenticated Private Post Disclosure vulnerability discovered by jsonc in WordPress Theme Context Blog versions = 1.2.5...
WordPress Frontend User Notes plugin <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification vulnerability
Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Note Modification vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Frontend User Notes versions = 2.1.0...
WordPress Order Splitter for WooCommerce plugin <= 5.3.5 - Missing Authorization to Authenticated (Subscriber+) Order Information Exposure vulnerability
Missing Authorization to Authenticated Subscriber+ Order Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Order Splitter for WooCommerce versions = 5.3.5...
WordPress WP 404 Auto Redirect plugin <= 1.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Cody Sixteen in WordPress Plugin WP 404 Auto Redirect to Similar Post versions = 1.0.5...
WordPress Filestack plugin <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Filestack versions = 2.0.8...
WordPress URL Shortify plugin <= 1.12.1 - Unauthenticated Open Redirect via 'redirect_to' Parameter vulnerability
Unauthenticated Open Redirect via 'redirectto' Parameter vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin URL Shortify versions = 1.12.1...
WordPress Frontend Post Submission Manager Lite plugin <= 1.2.7 - Unauthenticated Open Redirect via 'requested_page' Parameter vulnerability
Unauthenticated Open Redirect via 'requestedpage' Parameter vulnerability discovered by kr0d in WordPress Plugin Frontend Post Submission Manager Lite versions 1.0.0-1.2.7...
WordPress Display During Conditional Shortcode plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via message Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via message Parameter vulnerability discovered by Gilang - DJ in WordPress Plugin Display During Conditional Shortcode versions = 1.2...
WordPress Simple Ajax Chat plugin <= 20251121 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin Simple Ajax Chat versions = 20251121...
WordPress Academy LMS plugin <= 3.5.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Academy LMS versions = 3.5.3...
WordPress PixelYourSite – Your smart PIXEL (TAG) Manager plugin <= 11.2.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin PixelYourSite – Your smart PIXEL TAG Manager versions = 11.2.0.1...
WordPress PixelYourSite plugin <= 11.2.0 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin PixelYourSite – Your smart PIXEL TAG Manager versions = 11.2.0...
WordPress Wolmart Core plugin <= 1.9.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Wolmart Core versions = 1.9.6...
WordPress Applay - Shortcodes plugin <= 3.7 - PHP Object Injection vulnerability
WordPress Applay - Shortcodes plugin = 3.7 - PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Applay - Shortcodes versions = 3.7...
WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability
WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme = 1.3 - Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme PawFriends - Pet Shop and Veterinary WordPress Theme versions = 1.3...
WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme <= 1.3 - Local File Inclusion vulnerability
WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme = 1.3 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme PawFriends - Pet Shop and Veterinary WordPress Theme versions = 1.3...
WordPress Frontend File Manager Plugin plugin <= 23.5 - Unauthenticated Arbitrary Email Sending vulnerability
Unauthenticated Arbitrary Email Sending vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Frontend File Manager versions = 23.5...
WordPress Wiguard theme < 2.0.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Wiguard versions 2.0.1...
WordPress UnlimHost theme <= 1.2.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme UnlimHost versions = 1.2.3...