45924 matches found
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.10 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by dodoh4t in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.10...
WordPress BP Better Messages plugin <= 2.14.16 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by dodoh4t in WordPress Plugin BP Better Messages versions = 2.14.16...
WordPress 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Modification vulnerability discovered by Legion Hunter in WordPress Plugin 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On versions = 2.0.1...
WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion vulnerability
Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Media Deletion vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin User Registration versions = 5.1.5...
WordPress Meta Field Block – Display custom fields in the Block Editor without coding plugin <= 1.5.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary User Meta Exposure vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Arbitrary User Meta Exposure vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Meta Field Block versions = 1.5.1...
WordPress KiviCare plugin <= 4.3.0 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by kai63001 in WordPress Plugin KiviCare versions = 4.3.0...
WordPress Xpro Elementor Addons - Pro plugin <= 1.4.7 - Pro <= 1.4.7 - Authenticated (Contributor+) Arbitrary File Read vulnerability
WordPress Xpro Elementor Addons - Pro plugin = 1.4.7 - Pro = 1.4.7 - Authenticated Contributor+ Arbitrary File Read vulnerability discovered by stealthcopter in WordPress Plugin Xpro Elementor Addons - Pro versions = 1.4.7...
WordPress MinhNhut Link Gateway plugin <= 3.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin MinhNhut Link Gateway versions = 3.6.1...
WordPress myLinksDump plugin <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin myLinksDump versions = 1.6...
WordPress rexCrawler plugin <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin rexCrawler versions = 1.0.15...
WordPress Taxi Booking Manager for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Taxi Booking Manager for WooCommerce versions = 2.0.1...
WordPress Tiktok Feed plugin <= 1.0.24 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Tiktok Feed versions = 1.0.24...
WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by johska in WordPress Plugin WpBookingly versions = 1.2.9...
WordPress WpTravelly plugin <= 2.1.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by johska in WordPress Plugin WpTravelly versions = 2.1.5...
WordPress WP Promoter plugin <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin WP Promoter versions = 1.3...
WordPress MetaMagic SEO Plugin plugin <= 1.6 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin MetaMagic SEO Plugin versions = 1.6...
WordPress Github Shortcode plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Github Shortcode versions = 0.1...
WordPress WPBakery Page Builder Addons by Livemesh plugin <= 3.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions = 3.9.4...
WordPress EnvíaloSimple: Email Marketing y Newsletters plugin <= 2.4.5 - Authenticated (Administrator+) SQL Injection vulnerability
Authenticated Administrator+ SQL Injection vulnerability discovered by Maurice Fielenbach Hexastrike - Hexastrike Cybersecurity UG haftungsbeschränkt in WordPress Plugin EnvíaloSimple versions = 2.4.5...
WordPress Shortcode Buddy plugin <= 0.1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Shortcode Buddy versions = 0.1.9.5...
WordPress iWR Tooltip plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin iWR Tooltip versions = 1.0...
WordPress BitForm – Data management solution for WordPress plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BitForm – Data management solution for WordPress versions = 1.1.0...
WordPress Listen Shortcode plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Listen Shortcode versions = 1.0...
WordPress hk_shortcode plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin hkshortcode versions = 1.0...
WordPress Instant-Quote.co Quotation Page plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Instant-Quote.co Quotation Page versions = 1.3.4...
WordPress Responsive Video Embedder plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Responsive Video Embedder versions = 0.1...
WordPress Easy Prism Syntax Highlighter plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Easy Prism Syntax Highlighter versions = 1.0.2...
WordPress Content Slideshow plugin <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Content Slideshow versions = 2.4.1...
WordPress Animate Your Content plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Animate Your Content versions = 1.0.0...
WordPress Formidable Kinetic plugin <= 1.1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Formidable Kinetic versions = 1.1.01...
WordPress Team Master – A Modern WordPress Team Showcase plugin <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Team Master – A Modern WordPress Team Showcase versions = 1.1.2...
WordPress Mutual Funds Data plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Mutual Funds Data versions = 1.2.1...
WordPress Single Mailchimp plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Single Mailchimp versions = 1.4...
WordPress Post Categories Gallery plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Post Categories Gallery versions = 1.0.0...
WordPress Auto Thumbnails plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Auto Thumbnails versions = 1.0...
WordPress jQuery googleslides plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin jQuery googleslides versions = 1.3...
WordPress Events In City plugin <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Events In City versions = 3.0...
WordPress GoStats for WordPress plugin <= 1.4 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin GoStats for WordPress versions = 1.4...
WordPress CDN Linker lite plugin <= 1.3.1 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin CDN Linker lite versions = 1.3.1...
WordPress Search Simple Fields plugin <= 0.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Search Simple Fields versions = 0.2...
WordPress auto making JSON-LD plugin <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings vulnerability
Cross-Site Request Forgery to Plugin Certification Settings vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin auto making JSON-LD versions = 4.5.3...
WordPress WP AutoBuzz plugin <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin WP AutoBuzz versions = 1.1.1...
WordPress WP Promoter plugin <= 1.3 - Missing Authorization to Unauthenticated Statistics Reset vulnerability
Missing Authorization to Unauthenticated Statistics Reset vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin WP Promoter versions = 1.3...
WordPress WP Iframe Geo Style for Amazon affiliates plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin WP Iframe Geo Style for Amazon affiliates versions = 1.1...
WordPress Two-factor authentication (formerly IP Vault) plugin <= 2.1 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin IP Vault – WP Firewall versions = 2.1...
WordPress Dideo plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Dideo versions = 1.0...
WordPress Tuxquote plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Tuxquote versions = 1.3...
WordPress Islamic Database plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Islamic Database versions = 1.0...
WordPress Responsive Check plugin <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Responsive Check versions = 0.0.3...
WordPress Google+ Link Name plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Google+ Link Name versions = 1.0...