46629 matches found
WordPress Xendit Payment plugin <= 6.0.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid vulnerability
Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Xendit Payment versions = 6.0.2...
WordPress SIBS - WooCommerce plugin <= 2.2.0 - Authenticated (Admin+) SQL Injection via 'referencedId' Parameter vulnerability
WordPress SIBS - WooCommerce plugin = 2.2.0 - Authenticated Admin+ SQL Injection via 'referencedId' Parameter vulnerability discovered by whizzu in WordPress Plugin SIBS woocommerce payment gateway versions = 2.2.0...
WordPress Extended Random Number Generator plugin <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Settings vulnerability discovered by 0x34rth in WordPress Plugin Extended Random Number Generator versions = 1.1...
WordPress Menu Icons by ThemeIsle plugin <= 0.13.20 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by lucsob in WordPress Plugin Menu Icons by ThemeIsle versions = 0.13.20...
WordPress Tutor LMS plugin <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion vulnerability
Insecure Direct Object Reference to Authenticated Instructor+ Arbitrary Course Modification and Deletion vulnerability discovered by WordFence in WordPress Plugin Tutor LMS versions = 3.9.5...
WordPress ACF Quick Edit Fields plugin <= 3.2.2 - Authenticated (Contributor+) Insecure Direct Object Reference vulnerability
Authenticated Contributor+ Insecure Direct Object Reference vulnerability discovered by Chris Grello in WordPress Plugin ACF Quick Edit Fields versions = 3.2.2...
WordPress Paid Memberships Pro plugin <= 2.12.7 - Cross-Site Request Forgery to Level Orders Update vulnerability
Cross-Site Request Forgery to Level Orders Update vulnerability discovered by kodaichodai in WordPress Plugin Paid Memberships Pro versions = 2.12.7...
WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin <= 6.1.7 - Missing Authorization via editor_html() vulnerability
WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin = 6.1.7 - Missing Authorization via editorhtml vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Awesome Support versions = 6.1.7...
WordPress Royal Elementor Addons and Templates plugin <= 1.3.87 - Missing Authorization via wpr_update_form_action_meta vulnerability
Missing Authorization via wprupdateformactionmeta vulnerability discovered by Francesco Carlucci in WordPress Plugin Royal Elementor Addons versions = 1.3.87...
WordPress Royal Elementor Addons and Templates plugin <= 1.3.87 - Cross-Site Request Forgery via remove_from_compare vulnerability
Cross-Site Request Forgery via removefromcompare vulnerability discovered by Francesco Carlucci in WordPress Plugin Royal Elementor Addons versions = 1.3.87...
WordPress Royal Elementor Addons and Templates plugin <= 1.3.87 - Cross-Site Request Forgery via add_to_compare vulnerability
Cross-Site Request Forgery via addtocompare vulnerability discovered by Francesco Carlucci in WordPress Plugin Royal Elementor Addons versions = 1.3.87...
WordPress AI ChatBot plugin <= 5.3.4 - Missing Authorization via openai_file_delete_callback vulnerability
Missing Authorization via openaifiledeletecallback vulnerability discovered by Francesco Carlucci in WordPress Plugin ChatBot versions = 5.3.4...
WordPress Royal Elementor Addons and Templates plugin <= 1.3.87 - Cross-Site Request Forgery via remove_from_wishlist vulnerability
Cross-Site Request Forgery via removefromwishlist vulnerability discovered by Francesco Carlucci in WordPress Plugin Royal Elementor Addons versions = 1.3.87...
WordPress AI ChatBot plugin <= 5.3.4 - Missing Authorization via openai_file_list_callback vulnerability
Missing Authorization via openaifilelistcallback vulnerability discovered by Francesco Carlucci in WordPress Plugin ChatBot versions = 5.3.4...
WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.4.2...
WordPress Gestpay for WooCommerce plugin <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_delete_card vulnerability
Cross-Site Request Forgery CSRF via ajaxdeletecard vulnerability discovered by Francesco Carlucci in WordPress Plugin Gestpay for WooCommerce versions = 20221130...
WordPress Gestpay for WooCommerce plugin <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_unset_default_card vulnerability
Cross-Site Request Forgery CSRF via ajaxunsetdefaultcard vulnerability discovered by Francesco Carlucci in WordPress Plugin Gestpay for WooCommerce versions = 20221130...
WordPress Categorify plugin <= 1.0.7.4 - Missing Authorization in categorifyAjaxAddCategory vulnerability
Missing Authorization in categorifyAjaxAddCategory vulnerability discovered by Francesco Carlucci in WordPress Plugin Categorify versions = 1.0.7.4...
WordPress WP Recipe Maker plugin <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group_tag' vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'grouptag' vulnerability discovered by wesley wcraft in WordPress Plugin WP Recipe Maker versions = 9.1.0...
WordPress WP Recipe Maker plugin <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'tag' vulnerability discovered by wesley wcraft in WordPress Plugin WP Recipe Maker versions = 9.1.0...
WordPress Views for WPForms plugin <= 3.2.2 - Cross-Site Request Forgery via create_view vulnerability
Cross-Site Request Forgery via createview vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions = 3.2.2...
WordPress Views for WPForms plugin <= 3.2.2 - Cross-Site Request Forgery via save_view vulnerability
Cross-Site Request Forgery via saveview vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions = 3.2.2...
WordPress Views for WPForms plugin <= 3.2.2 - Missing Authorization via create_view vulnerability
Missing Authorization via createview vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions = 3.2.2...
WordPress Views for WPForms plugin <= 3.2.2 - Missing Authorization via get_form_fields vulnerability
Missing Authorization via getformfields vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions = 3.2.2...
WordPress Bulk Edit Post Titles plugin <= 5.0.0 - Missing Authorization via bulkUpdatePostTitles vulnerability
Missing Authorization via bulkUpdatePostTitles vulnerability discovered by Francesco Carlucci in WordPress Plugin Bulk Edit Post Titles versions = 5.0.0...
WordPress Jeg Elementor Kit plugin <= 2.6.4 - Authenticated (Contributor+) Cross-Site Scripting via Elementor Widget URL Custom Attributes vulnerability
Authenticated Contributor+ Cross-Site Scripting via Elementor Widget URL Custom Attributes vulnerability discovered by Webbernaut in WordPress Plugin Jeg Elementor Kit versions = 2.6.4...
WordPress WebSub (FKA. PubSubHubbub) plugin <= 3.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Sh in WordPress Plugin WebSub versions = 3.1.4...
WordPress Royal Elementor Kit plugin <= 1.0.116 - Missing Authorization to Arbitrary Transient Update vulnerability
Missing Authorization to Arbitrary Transient Update vulnerability discovered by Sean Murphy in WordPress Theme Royal Elementor Kit versions = 1.0.116...
WordPress Schema App Structured Data plugin <= 2.2.0 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Francesco Carlucci in WordPress Plugin Schema App Structured Data versions = 2.2.0...
WordPress PDF Flipbook, 3D Flipbook - DearFlip plugin <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress PDF Flipbook, 3D Flipbook - DearFlip plugin = 2.2.26 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Daffa in WordPress Plugin DearFlip versions = 2.2.26...
WordPress Beaver Builder plugin <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Beaver Builder versions = 2.7.4.2...
WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via restore_records() vulnerability
WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin = 8.5.6 - Missing Authorization via restorerecords vulnerability discovered by Francesco Carlucci in WordPress Plugin NEX-Forms versions = 8.5.6...
WordPress WP ERP plugin <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection vulnerability
Authenticated Accounting Manager+ SQL Injection vulnerability discovered by Edwin Siebel edwinsiebel in WordPress Plugin WP ERP versions = 1.13.0...
WordPress WP AdCenter plugin <= 2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpadcenter_ad Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via wpadcenterad Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WP AdCenter versions = 2.5.7...
WordPress Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget vulnerability
Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions = 5.10.1...
WordPress ShopLentor plugin <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin ShopLentor versions = 2.8.1...
WordPress Shortcodes for Elementor plugin <= 1.0.4 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated Contributor+ Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Shortcodes for Elementor versions = 1.0.4...
WordPress Buy one click WooCommerce plugin <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Order Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Order Deletion vulnerability discovered by incognito in WordPress Plugin Buy one click WooCommerce versions = 2.2.9...
WordPress Buy one click WooCommerce plugin <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Import vulnerability
Missing Authorization to Authenticated Subscriber+ Settings Import vulnerability discovered by incognito in WordPress Plugin Buy one click WooCommerce versions = 2.2.9...
WordPress Tutor LMS Elementor Addons plugin <= 2.1.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Plugin Installation vulnerability discovered by Tieu Pham Trong Nhan - TechlabCorp in WordPress Plugin Tutor LMS Elementor Addons versions = 2.1.5...
WordPress EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability
WordPress EventPrime - Events Calendar, Bookings and Tickets plugin = 3.4.3 - Missing Authorization to Authenticated Subscriber+ Arbitrary Post Deletion vulnerability discovered by Lucio Sá in WordPress Plugin EventPrime versions = 3.4.3...
WordPress EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Event Export vulnerability
WordPress EventPrime - Events Calendar, Bookings and Tickets plugin = 3.4.1 - Missing Authorization to Authenticated Subscriber+ Event Export vulnerability discovered by Lucio Sá in WordPress Plugin EventPrime versions = 3.4.1...
WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via set_starred() vulnerability
WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin = 8.5.6 - Missing Authorization via setstarred vulnerability discovered by Francesco Carlucci in WordPress Plugin NEX-Forms versions = 8.5.6...
WordPress SEOPress - On-site SEO plugin <= 7.5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress SEOPress - On-site SEO plugin = 7.5.2.1 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Daffa in WordPress Plugin SEOPress versions = 7.5.2.1...
WordPress WP eMember plugin < 10.6.7 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.7...
WordPress Redirects plugin <= 1.2.1 - Missing Authorization via save vulnerability
Missing Authorization via save vulnerability discovered by Francesco Carlucci in WordPress Plugin Redirects versions = 1.2.1...
WordPress Optimize More! – Images plugin <= 1.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Optimize More! Images versions = 1.1.3...
WordPress SevenHills theme <= 1.6.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme SevenHills versions = 1.6.2...
WordPress Authorsy plugin <= 1.0.6 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by NumeX in WordPress Plugin Authorsy versions = 1.0.6...
WordPress PhotoMe theme <= 5.7.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme PhotoMe versions = 5.7.1...