46681 matches found
WordPress ZoomifyWP Free plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'filename' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'filename' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin ZoomifyWP Free versions = 1.1...
WordPress Simple Plyr plugin <= 0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'poster' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'poster' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Simple Plyr versions = 0.0.1...
WordPress Appointment Booking Calendar Plugin plugin <= 1.0.2 - Missing Authorization to Unauthenticated Arbitrary Appointment Status Modification vulnerability
Missing Authorization to Unauthenticated Arbitrary Appointment Status Modification vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Bookr versions = 1.0.2...
WordPress Simple Wp colorfull Accordion plugin <= 1.0 - Authenticated (Contributor+) Cross-Site Scripting via 'title' Shortcode Attribute vulnerability
Authenticated Contributor+ Cross-Site Scripting via 'title' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Simple Wp colorfull Accordion versions = 1.0...
WordPress AMP Enhancer plugin <= 1.0.49 - Authenticated (Administrator+) Stored Cross-Site Scripting via AMP Custom CSS Setting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via AMP Custom CSS Setting vulnerability discovered by Muqsith Barru - TCC in WordPress Plugin AMP Enhancer Compatibility Layer for Official AMP Plugin versions = 1.0.49...
WordPress Citations tools plugin <= 0.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'code' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'code' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Citations tools versions = 0.3.2...
WordPress Easy Voice Mail plugin <= 1.2.5 - Unauthenticated Stored Cross-Site Scripting via 'message' vulnerability
Unauthenticated Stored Cross-Site Scripting via 'message' vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Easy Voice Mail versions = 1.2.5...
WordPress SEATT: Simple Event Attendance plugin <= 1.5.0 - Cross-Site Request Forgery to Arbitrary Event Deletion vulnerability
Cross-Site Request Forgery to Arbitrary Event Deletion vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin SEATT: Simple Event Attendance versions = 1.5.0...
WordPress WP Last Modified Info plugin <= 1.9.5 - Insecure Direct Object Reference to Authenticated (Author+) Post Metadata Modification vulnerability
Insecure Direct Object Reference to Authenticated Author+ Post Metadata Modification vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin WP Last Modified Info versions = 1.9.5...
WordPress Easy Form Builder plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Response Data Exposure vulnerability
Missing Authorization to Authenticated Subscriber+ Sensitive Form Response Data Exposure vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Easy Form Builder versions = 3.9.3...
WordPress StickEasy Protected Contact Form plugin <= 1.0.1 - Unauthenticated Information Disclosure vulnerability
Unauthenticated Information Disclosure vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin StickEasy Protected Contact Form versions = 1.0.1...
WordPress BFG Tools - Extension Zipper plugin <= 1.0.7 - Authenticated (Administrator+) Path Traversal via 'first_file' Parameter vulnerability
WordPress BFG Tools - Extension Zipper plugin = 1.0.7 - Authenticated Administrator+ Path Traversal via 'firstfile' Parameter vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin BFG Tools – Extension Zipper versions = 1.0.7...
WordPress FastDup - Fastest WordPress Migration & Duplicator plugin <= 2.7.1 - Missing Authorization to Authenticated (Contributor+) Backup Creation and Download vulnerability
WordPress FastDup - Fastest WordPress Migration & Duplicator plugin = 2.7.1 - Missing Authorization to Authenticated Contributor+ Backup Creation and Download vulnerability discovered by WordFence in WordPress Plugin FastDup versions = 2.7.1...
WordPress Passster plugin <= 4.2.25 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by johska in WordPress Plugin Passster versions = 4.2.25...
WordPress WP Server Log Viewer <= 1.0 - Stored Cross Site Scripting vulnerability
Stored Cross Site Scripting vulnerability discovered by strider in WordPress Plugin WP Server Log Viewer versions = 1.0...
WordPress Duplicate Post plugin <= 3.2.3 - Stored Cross-Site Scripting vulnerability
Stored Cross-Site Scripting vulnerability discovered by Unk9vvN in WordPress Plugin Duplicate Post versions = 3.2.3...
WordPress OpenPix plugin <= 2.13.3 - Subscriber+ Payment Gateway Settings Reset vulnerability
Subscriber+ Payment Gateway Settings Reset vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan in WordPress Plugin OpenPix versions = 2.13.3...
WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.6 - Missing Authorization to Booking Details Exposure vulnerability
WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin = 5.2.6 - Missing Authorization to Booking Details Exposure vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin LatePoint versions = 5.2.6...
WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.5.32 - Incorrect Authorization to Authenticated (Contributor+) Post Publication vulnerability
Incorrect Authorization to Authenticated Contributor+ Post Publication vulnerability discovered by johska in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.5.32...
WordPress JS Help Desk plugin <= 3.0.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds in WordPress Plugin JS Help Desk versions = 3.0.1...
WordPress Persian Woocommerce SMS plugin <= 7.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Persian Woocommerce SMS versions = 7.1.1...
WordPress Mollie Payments for WooCommerce plugin <= 8.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Mollie Payments for WooCommerce versions = 8.1.1...
WordPress JetEngine plugin <= 3.8.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin JetEngine versions = 3.8.0...
WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.5.4 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Slider Responsive Slideshow – Image slider, Gallery slideshow versions = 1.5.4...
WordPress Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin <= 1.6.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery versions = 1.6.0...
WordPress WP FullCalendar plugin <= 1.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin WP FullCalendar versions = 1.6...
WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.3.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin PDF for Elementor Forms + Drag And Drop Template Builder versions = 6.3.1...
WordPress PDF for WPForms plugin <= 6.3.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin PDF for WPForms versions = 6.3.0...
WordPress FiveStar theme <= 1.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme FiveStar versions = 1.7...
WordPress Belletrist theme <= 1.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Belletrist versions = 1.2...
WordPress PJ | Life & Business Coaching theme <= 3.0.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme PJ | Life & Business Coaching versions = 3.0.0...
WordPress HealthFirst theme <= 1.0.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme HealthFirst versions = 1.0.1...
WordPress Struktur theme <= 2.5.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Struktur versions = 2.5.1...
WordPress Lorem Ipsum | Books & Media Store theme <= 1.2.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Lorem Ipsum | Books & Media Store versions = 1.2.6...
WordPress Extreme Store theme <= 1.5.7 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Extreme Store versions = 1.5.7...
WordPress Bravis Addons plugin <= 1.1.9 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Bravis Addons versions = 1.1.9...
WordPress Paid Member Subscriptions plugin <= 2.16.8 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by daroo in WordPress Plugin Paid Member Subscriptions versions = 2.16.8...
WordPress WooODT Lite plugin <= 2.5.2 - Payment Bypass Vulnerability vulnerability
Payment Bypass Vulnerability vulnerability discovered by benzdeus in WordPress Plugin WooODT Lite versions = 2.5.2...
WordPress Cnvrse plugin <= 026.02.10.20 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Jitlada in WordPress Plugin Cnvrse versions = 026.02.10.20...
WordPress FreightCo theme <= 1.1.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme FreightCo versions = 1.1.7...
WordPress R&F theme <= 1.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme R&F versions = 1.5...
WordPress Yokoo theme <= 1.1.11 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Yokoo versions = 1.1.11...
WordPress Cobble theme <= 1.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Cobble versions = 1.7...
WordPress Plank theme <= 1.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Plank versions = 1.7...
WordPress Tint theme <= 1.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Tint versions = 1.7...
WordPress Splendour theme <= 1.23 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Splendour versions = 1.23...
WordPress Gable theme <= 1.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Gable versions = 1.5...
WordPress Nika theme <= 1.2.14 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Nika versions = 1.2.14...
WordPress Diza theme <= 1.3.15 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Diza versions = 1.3.15...
WordPress Fana theme <= 1.1.35 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Fana versions = 1.1.35...