46684 matches found
WordPress Secure Copy Content Protection and Content Locking plugin <= 4.9.8 - Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header vulnerability
Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header vulnerability discovered by Deadbee - NA in WordPress Plugin Secure Copy Content Protection and Content Locking versions <= 4.9.8...
WordPress Customer Reviews for WooCommerce plugin <= 5.97.0 - Unauthenticated Stored Cross-Site Scripting via media[].href Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via media[].href Parameter vulnerability discovered by type5afe in WordPress Plugin Customer Reviews for WooCommerce versions <= 5.97.0...
WordPress Activity Log for WordPress plugin <= 1.2.8 - Missing Authorization to Sensitive Information Exposure via Log File vulnerability
Missing Authorization to Sensitive Information Exposure via Log File vulnerability discovered by WordFence in WordPress Plugin WP System Log versions <= 1.2.8...
WordPress Converter for Media - Optimize images | Convert WebP & AVIF plugin <= 6.5.1 - Unauthenticated Server-Side Request Forgery via src vulnerability
WordPress Converter for Media - Optimize images | Convert WebP & AVIF plugin <= 6.5.1 - Unauthenticated Server-Side Request Forgery via src vulnerability discovered by Lucas Montes NiRoX in WordPress Plugin Converter for Media versions <= 6.5.1...
WordPress Product Options and Price Calculation Formulas for WooCommerce - Uni CPO (Premium) plugin <= 4.9.60 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File Deletion vulnerability
WordPress Product Options and Price Calculation Formulas for WooCommerce - Uni CPO (Premium) plugin <= 4.9.60 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File Deletion vulnerability discovered by Stefan in WordPress Plugin Uni CPO Premium versions <= 4.9.60...
WordPress BlueSnap Payment Gateway for WooCommerce plugin <= 3.3.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Manipulation vulnerability
Missing Authorization to Unauthenticated Arbitrary Order Status Manipulation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin BlueSnap Payment Gateway for WooCommerce versions <= 3.3.0...
WordPress Truelysell Core plugin <= 1.8.7 - Unauthenticated Privilege Escalation via Registration vulnerability
Unauthenticated Privilege Escalation via Registration vulnerability discovered by Alyudin Nafiie in WordPress Plugin Truelysell Core versions <= 1.8.7...
WordPress wpForo Forum plugin <= 2.4.13 - Authenticated (Subscriber+) PHP Object Injection vulnerability
Authenticated (Subscriber+) PHP Object Injection vulnerability discovered by Webbernaut in WordPress Plugin wpForo Forum versions <= 2.4.13...
WordPress Jetpack CRM plugin <= 6.7.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Skalucy in WordPress Plugin Jetpack CRM versions <= 6.7.0...
WordPress Open User Map plugin <= 1.4.16 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Open User Map versions <= 1.4.16...
WordPress Woocommerce Category Banner Management plugin <= 2.5.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Woocommerce Category Banner Management versions <= 2.5.1...
WordPress Magic Login Mail or QR Code plugin <= 2.05 - Unauthenticated Privilege Escalation via Insecure QR Code File Storage vulnerability
Unauthenticated Privilege Escalation via Insecure QR Code File Storage vulnerability discovered by ifoundbug in WordPress Plugin Magic Login Mail or QR Code versions <= 2.05...
WordPress midi-Synth plugin <= 1.1.0 - Unauthenticated Arbitrary File Upload via 'export' AJAX Action vulnerability
Unauthenticated Arbitrary File Upload via 'export' AJAX Action vulnerability discovered by WordFence in WordPress Plugin midi-Synth versions <= 1.1.0...
WordPress PhotoStack Gallery plugin <= 0.4.1 - Unauthenticated SQL Injection via 'postid' Parameter vulnerability
Unauthenticated SQL Injection via 'postid' Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin PhotoStack Gallery versions <= 0.4.1...
WordPress SureForms - Drag and Drop Form Builder for WordPress plugin <= 2.2.1 - Unauthenticated Stripe Payment Amount Manipulation vulnerability
WordPress SureForms - Drag and Drop Form Builder for WordPress plugin <= 2.2.1 - Unauthenticated Stripe Payment Amount Manipulation vulnerability discovered by andrea bocchetti in WordPress Plugin SureForms versions <= 2.2.1...
WordPress Prime Listing Manager plugin <= 1.1 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Prime Listing Manager versions <= 1.1...
WordPress WP eCommerce plugin <= 3.15.1 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin WP eCommerce versions <= 3.15.1...
WordPress AdForest theme <= 6.0.12 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by Phat RiO - BlueRock in WordPress Theme AdForest versions <= 6.0.12...
WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Client Invoicing by Sprout Invoices versions <= 20.8.8...
WordPress FooGallery plugin <= 3.1.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Steven Julian in WordPress Plugin FooGallery versions <= 3.1.11...
WordPress FooGallery plugin <= 3.1.11 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Steven Julian in WordPress Plugin FooGallery versions <= 3.1.11...
WordPress Download Alt Text AI plugin <= 1.10.15 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Download Alt Text AI versions <= 1.10.15...
WordPress WP Activity Log plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Steven Julian in WordPress Plugin WP Activity Log versions <= 5.5.4...
WordPress Media Library Folders plugin <= 8.3.6 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Attachment Deletion and Rename vulnerability
Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Attachment Deletion and Rename vulnerability discovered by shivanandsnaidu - naidu computers in WordPress Plugin Media Library Folders versions <= 8.3.6...
WordPress Essential Addons for Elementor plugin <= 6.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget vulnerability discovered by knani alaaeddine iwd in WordPress Plugin Essential Addons for Elementor versions <= 6.5.9...
WordPress MP3 Audio Player 5.3-5.10 - Authenticated (Author+) Server-Side Request Forgery vulnerability
Authenticated (Author+) Server-Side Request Forgery vulnerability discovered by kr0d in WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar versions 5.3-5.10...
WordPress Mail Mint plugin <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints vulnerability
Authenticated (Administrator+) SQL Injection via Multiple API Endpoints vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin Mail Mint versions <= 1.19.2...
WordPress Modula Image Gallery - Photo Grid & Video Gallery plugin <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page Editing vulnerability
WordPress Modula Image Gallery - Photo Grid & Video Gallery plugin <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page Editing vulnerability discovered by type5afe in WordPress Plugin Modula Image Gallery versions <= 2.13.6...
WordPress myCred plugin <= 2.9.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'mycred_load_coupon' Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'mycred_load_coupon' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin myCred versions <= 2.9.7.3...
WordPress Link Hopper plugin <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'hop_name' Parameter vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'hop_name' Parameter vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Link Hopper versions <= 2.5...
WordPress Ravelry Designs Widget plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sb_ravelry_designs' Shortcode 'layout' Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'sb_ravelry_designs' Shortcode 'layout' Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ravelry Designs Widget versions <= 1.0.0...
WordPress UpMenu plugin <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin UpMenu versions <= 3.1...
WordPress Chatbot for WordPress by Collect.chat ⚡️ plugin <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Field vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Field vulnerability discovered by Deadbee - NA in WordPress Plugin collectchat versions <= 2.4.8...
WordPress Press3D plugin <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block vulnerability discovered by WordFence in WordPress Plugin Press3D versions <= 1.0.2...
WordPress Smart Forms plugin <= 2.6.99 - Missing Authorization to Authenticated (Subscriber+) Campaign Data Exposure vulnerability
Missing Authorization to Authenticated (Subscriber+) Campaign Data Exposure vulnerability discovered by lucsob in WordPress Plugin Smart Forms versions <= 2.6.99...
WordPress User Language Switch plugin <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'tab_color_picker_language_switch' Parameter vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'tab_color_picker_language_switch' Parameter vulnerability discovered by 0x34rth in WordPress Plugin User Language Switch versions <= 1.6.10...
WordPress User Language Switch plugin <= 1.6.10 - Authenticated (Administrator+) Server-Side Request Forgery via 'info_language' Parameter vulnerability
Authenticated (Administrator+) Server-Side Request Forgery via 'info_language' Parameter vulnerability discovered by 0x34rth in WordPress Plugin User Language Switch versions <= 1.6.10...
WordPress Payment Page | Payment Form for Stripe plugin <= 1.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via 'pricing_plan_select_text_font_family' Parameter vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via 'pricing_plan_select_text_font_family' Parameter vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Payment Page versions <= 1.4.6...
WordPress MDirector Newsletter plugin <= 4.5.8 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin MDirector Newsletter versions <= 4.5.8...
WordPress MailChimp Campaigns plugin <= 3.2.4 - Missing Authorization to Authenticated (Subscriber+) MailChimp App Disconnection vulnerability
Missing Authorization to Authenticated (Subscriber+) MailChimp App Disconnection vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin MailChimp Campaigns versions <= 3.2.4...
WordPress WP Quick Contact Us plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin WP Quick Contact Us versions <= 1.0...
WordPress Best-wp-google-map plugin <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'latitude' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'latitude' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin Best-wp-google-map versions <= 2.1...
WordPress Percent to Infograph plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Percent to Infograph versions <= 1.0...
WordPress Scheduler Widget plugin <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification vulnerability
Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Scheduler Widget versions <= 0.1.6...
WordPress QuestionPro Surveys plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin QuestionPro Surveys versions <= 1.0...
WordPress Sphere Manager plugin <= 1.0.2 - Authenticated (Contributor+) Cross-Site Scripting via 'width' Shortcode Attribute vulnerability
Authenticated (Contributor+) Cross-Site Scripting via 'width' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Sphere Manager versions <= 1.0.2...
WordPress CallbackKiller service widget plugin <= 1.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Update vulnerability
Missing Authorization to Unauthenticated Arbitrary Plugin Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin CallbackKiller service widget versions <= 1.2...
WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.5 - Cross-Site Request Forgery vulnerability
WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.5 - Cross-Site Request Forgery vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin LatePoint versions <= 5.2.5...
WordPress MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode vulnerability
WordPress MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin MasterStudy LMS versions <= 3.7.11...
WordPress Accordion and Accordion Slider plugin <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Attachment Metadata Modification vulnerability
Missing Authorization to Authenticated (Contributor+) Attachment Metadata Modification vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Accordion and Accordion Slider versions <= 1.4.5...