46629 matches found
WordPress Reflector plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Reflector versions = 1.2.2...
WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.8.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Print Invoice & Delivery Notes for WooCommerce versions = 5.8.0...
WordPress Subscribe2 plugin <= 10.44 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by chokri hammedi in WordPress Plugin Subscribe2 versions = 10.44...
WordPress Grand Conference theme <= 5.3.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Grand Conference versions = 5.3.4...
WordPress WP Job Portal plugin <= 2.4.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin WP Job Portal versions = 2.4.4...
WordPress WP Job Portal plugin <= 2.2.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions = 2.2.1...
WordPress Frontend Admin by DynamiApps plugin <= 3.24.5 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Max Boll b0lli - Max Boll - IT Security in WordPress Plugin Frontend Admin by DynamiApps versions = 3.24.5...
WordPress Kudos Donations plugin <= 3.2.9 - Reflected Cross-Site Scripting via 'add_query_arg' vulnerability
Reflected Cross-Site Scripting via 'addqueryarg' vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Kudos Donations versions = 3.2.9...
WordPress Frontend Admin by DynamiApps plugin <= 3.24.5 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Max Boll b0lli - Max Boll - IT Security in WordPress Plugin Frontend Admin by DynamiApps versions = 3.24.5...
WordPress Contact Form by BestWebSoft plugin <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_subject vulnerability
Reflected Cross-Site Scripting via cntctfrmcontactsubject vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Contact Form by BestWebSoft versions = 4.2.8...
WordPress Brizy plugin <= 2.4.43 - Authenticated(Contributor+) Stored Cross-Site Scripting via Form Functionality vulnerability
AuthenticatedContributor+ Stored Cross-Site Scripting via Form Functionality vulnerability discovered by RandomRoot in WordPress Plugin Brizy versions = 2.4.43...
WordPress WP Job Portal plugin <= 2.2.2 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated Admin+ SQL Injection vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions = 2.2.2...
WordPress WP Job Portal plugin <= 2.2.2 - Missing Authorization to Unauthenticated Arbitrary Resume Download vulnerability
Missing Authorization to Unauthenticated Arbitrary Resume Download vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions = 2.2.2...
WordPress WP Job Portal plugin <= 2.2.2 - Authenticated (Admin+) SQL Injection via wpjobportal_deactivate() vulnerability
Authenticated Admin+ SQL Injection via wpjobportaldeactivate vulnerability discovered by WordFence in WordPress Plugin WP Job Portal versions = 2.2.2...
WordPress WP Job Portal plugin <= 2.2.2 - Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox() vulnerability
Authenticated Admin+ SQL Injection via getFieldsForVisibleCombobox vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions = 2.2.2...
WordPress WP Job Portal plugin <= 2.2.2 - Missing Authorization to Limited Privilege Escalation vulnerability
Missing Authorization to Limited Privilege Escalation vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions = 2.2.2...
WordPress All-in-One Video Gallery plugin <= 4.5.7 - Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypass vulnerability
Authenticated Author+ Arbitrary File Upload via VTT Upload Bypass vulnerability discovered by mikemyers in WordPress Plugin All-in-One Video Gallery versions = 4.5.7...
WordPress Eveeno plugin <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Eveeno versions = 1.7...
WordPress ONLYOFFICE DocSpace plugin <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin ONLYOFFICE DocSpace versions = 2.1.1...
WordPress IMS Countdown plugin <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin IMS Countdown versions = 1.3.5...
WordPress Bukza plugin <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Bukza versions = 2.0.0...
WordPress WP GeoNames plugin <= 1.9.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin WP GeoNames versions = 1.9.0.1...
WordPress Plezi plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Plezi versions = 1.0.6...
WordPress GS Filterable Portfolio plugin <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin GS Filterable Portfolio versions = 1.6.3...
WordPress GS Books Showcase plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin GS Books Showcase versions = 1.3.1...
WordPress Smart Agenda plugin <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Smart Agenda versions = 4.6...
WordPress WP Mailster plugin <= 1.8.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Mailster versions = 1.8.17.0...
WordPress Integrate Firebase plugin <= 0.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin Integrate Firebase versions = 0.9.3...
WordPress WPB Show Core plugin < 2.7 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin WPB Show Core versions 2.7...
WordPress Salon booking system plugin < 9.6.3 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by cyc707 in WordPress Plugin Salon booking system versions 9.6.3...
WordPress Arena.IM - Live Blogging for real-time events plugin <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress Arena.IM - Live Blogging for real-time events plugin = 0.3.0 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Arena.IM – Live Blogging for real-time events versions = 0.3.0...
WordPress Password for WP plugin <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Password for WP versions = 1.5...
WordPress Catch Popup plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Catch Popup versions = 1.4.4...
WordPress WordPress Pinterest Plugin - Make a Popup, User Profile, Masonry and Gallery Layout plugin <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress WordPress Pinterest Plugin - Make a Popup, User Profile, Masonry and Gallery Layout plugin = 1.8.8 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin GS Pins for Pinterest versions = 1.8.8...
WordPress Brizy - Page Builder plugin <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes vulnerability
WordPress Brizy - Page Builder plugin = 2.4.43 - Authenticated Contributor+ Stored Cross-Site Scripting via Custom Attributes vulnerability discovered by wesley wcraft in WordPress Plugin Brizy versions = 2.4.43...
WordPress Contact Form 7 Connector plugin < 1.2.3 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Contact Form 7 Connector versions 1.2.3...
WordPress WP Courses LMS plugin <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Update vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary User Meta Update vulnerability discovered by Thanh Nam Tran in WordPress Plugin WP Courses LMS versions = 3.2.21...
WordPress IdeaPush plugin <= 8.71 - Missing Authorization to Board Term Deletion vulnerability
Missing Authorization to Board Term Deletion vulnerability discovered by Lucio Sá in WordPress Plugin IdeaPush versions = 8.71...
WordPress Store Locator plugin <= 3.98.9 - Unauthenticated Local File Inclusion vulnerability
Unauthenticated Local File Inclusion vulnerability discovered by Jay Nguyen in WordPress Plugin Store Locator versions 3.98.9...
WordPress Koalendar plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via height Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via height Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Koalendar versions = 1.0.2...
WordPress Tabs Maker plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Pham Van Tam - The Vietnamese Security Network - VSEC in WordPress Plugin Tabs Maker versions = 1.0...
WordPress Social Media Shortcodes plugin <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Social Media Shortcodes versions = 1.3.0...
WordPress Add infos to the events calendar plugin <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Add infos to the events calendar versions = 1.4.1...
WordPress Integrate Google Drive plugin <= 1.3.8 - Missing Authorization to Unauthenticated Settings Modification and Export vulnerability
Missing Authorization to Unauthenticated Settings Modification and Export vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Integrate Google Drive versions = 1.3.8...
WordPress My IDX Home Search plugin <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin My IDX Home Search versions = 2.1.1...
WordPress FAQ And Answers - Create Frequently Asked Questions Area on WP Sites plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress FAQ And Answers - Create Frequently Asked Questions Area on WP Sites plugin = 1.1.0 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin FAQ And Answers – Create Frequently Asked Questions Area on WP Sites versions = 1....
WordPress PowerBI Embed Reports plugin <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin PowerBI Embed Reports versions = 1.1.7...
WordPress Classic Addons - WPBakery Page Builder plugin <= 3.0 - Authenticated (Contributor+) Limited Local PHP File Inclusion vulnerability
WordPress Classic Addons - WPBakery Page Builder plugin = 3.0 - Authenticated Contributor+ Limited Local PHP File Inclusion vulnerability discovered by Nishiv - Developer in WordPress Plugin Classic Addons – WPBakery Page Builder versions = 3.0...
WordPress Message Filter for Contact Form 7 plugin <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) New Filter Creation vulnerability
Missing Authorization to Authenticated Subscriber+ New Filter Creation vulnerability discovered by Tieu Pham Trong Nhan - TechlabCorp in WordPress Plugin Message Filter for Contact Form 7 versions = 1.6.3...
WordPress Snippet Shortcodes plugin <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion vulnerability
Authenticated Subscriber+ Shortcode Deletion vulnerability discovered by theviper17y in WordPress Plugin Snippet Shortcodes versions = 4.1.6...