45948 matches found
WordPress DotLife theme < 4.9.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme DotLife versions 4.9.5...
WordPress Hoteller theme < 6.8.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Hoteller versions 6.8.9...
WordPress Hostiko theme < 94.3.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Hostiko versions 94.3.6...
WordPress CarSpot theme < 2.4.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme CarSpot versions 2.4.6...
WordPress Notifier plugin <= 2.7.13 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Notifier versions = 2.7.13...
WordPress AdForest theme <= 6.0.11 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme AdForest versions = 6.0.11...
WordPress Nelio AB Testing plugin <= 8.1.8 - Arbitrary Code Execution vulnerability
Arbitrary Code Execution vulnerability discovered by daroo in WordPress Plugin Nelio AB Testing versions = 8.1.8...
WordPress MailerLite – WooCommerce integration plugin <= 3.1.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by NumeX in WordPress Plugin MailerLite – WooCommerce integration versions = 3.1.2...
WordPress Scalenut plugin <= 1.1.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Scalenut versions = 1.1.5...
WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by benzdeus in WordPress Plugin Contact Form & Lead Form Elementor Builder versions = 2.0.1...
WordPress Directorist Social Login plugin <= 2.1.1 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Directorist Social Login versions = 2.1.1...
WordPress Simple Membership WP user Import plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Simple Membership WP user Import versions = 1.9.1...
WordPress Directorist Booking plugin <= 2.4.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Directorist Booking versions = 2.4.1...
WordPress Ai Image Alt Text Generator for WP plugin <= 1.1.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Ai Image Alt Text Generator for WP versions = 1.1.9...
WordPress Bold Page Builder plugin <= 5.6.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin Bold Page Builder versions = 5.6.6...
WordPress AdForest Elementor plugin <= 3.0.11 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin AdForest Elementor versions = 3.0.11...
WordPress TableOn plugin <= 1.0.4.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin TableOn versions = 1.0.4.2...
WordPress MemberPress Discord Addon plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin MemberPress Discord Addon versions = 1.1.4...
WordPress Easy Theme Options plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Easy Theme Options versions = 1.0...
WordPress iRobots.txt SEO plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin iRobots.txt SEO versions = 1.1.2...
WordPress Ravpage plugin <= 2.33 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Ravpage versions = 2.33...
WordPress Simply Schedule Appointments plugin <= 1.6.9.15 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin Simply Schedule Appointments versions = 1.6.9.15...
WordPress wpCAS plugin <= 1.07 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by 0xVenus in WordPress Plugin wpCAS versions = 1.07...
WordPress Advanced Custom Fields: Extended plugin <= 0.9.2.1 - Unauthenticated Privilege Escalation via Insert User Form Action vulnerability
Unauthenticated Privilege Escalation via Insert User Form Action vulnerability discovered by andrea bocchetti in WordPress Plugin Advanced Custom Fields: Extended versions = 0.9.2.1...
WordPress Koko Analytics plugin <= 2.1.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Hector Ruiz Ruiz in WordPress Plugin Koko Analytics versions = 2.1.2...
WordPress Custom Fonts - Host Your Fonts Locally plugin <= 2.1.16 - Missing Authorization to Unauthenticated Font Deletion vulnerability
WordPress Custom Fonts - Host Your Fonts Locally plugin = 2.1.16 - Missing Authorization to Unauthenticated Font Deletion vulnerability discovered by type5afe in WordPress Plugin Custom Fonts – Host Your Fonts Locally versions = 2.1.16...
WordPress e-xact-hosted-payment plugin <= 2.0 - Unauthenticated Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin E-xact Hosted Payment versions = 2.0...
WordPress Dokan plugin <= 4.2.4 - Insecure Direct Object Reference to PayPal Account Takeover and Sensitive Information Disclosure vulnerability
Insecure Direct Object Reference to PayPal Account Takeover and Sensitive Information Disclosure vulnerability discovered by shark3y in WordPress Plugin Dokan versions = 4.2.4...
WordPress Enfold theme <= 7.1.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Enfold versions = 7.1.3...
WordPress WP Hello Bar plugin <= 1.02 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'digit_one' and 'digit_two' Parameters vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'digitone' and 'digittwo' Parameters vulnerability discovered by 0x34rth in WordPress Plugin WP Hello Bar versions = 1.02...
WordPress Viet contact plugin <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters vulnerability discovered by 0x34rth in WordPress Plugin Viet contact versions = 1.3.2...
WordPress weMail plugin <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure vulnerability
Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure vulnerability discovered by shark3y in WordPress Plugin weMail versions = 2.0.7...
WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API vulnerability
WordPress LearnPress - WordPress LMS Plugin plugin = 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API vulnerability discovered by andrea bocchetti in WordPress Plugin LearnPress versions = 4.3.2.4...
WordPress PeachPay - Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) plugin <= 1.119.8 - Missing Authorization to Unauthenticated Order Status Modification vulnerability
WordPress PeachPay - Payments & Express Checkout for WooCommerce supports Stripe, PayPal, Square, Authorize.net plugin = 1.119.8 - Missing Authorization to Unauthenticated Order Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugi...
WordPress Newsletter - Send awesome emails from WordPress plugin <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription vulnerability
WordPress Newsletter - Send awesome emails from WordPress plugin = 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription vulnerability discovered by WordFence in WordPress Plugin Newsletter versions = 9.1.0...
WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery Management vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary Gallery Management vulnerability discovered by WordFence in WordPress Plugin Image Photo Gallery Final Tiles Grid versions = 3.6.9...
WordPress Ecwid Shopping Cart plugin <= 7.0.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rapid0nion in WordPress Plugin Ecwid Shopping Cart versions = 7.0.5...
WordPress Points and Rewards for WooCommerce plugin <= 2.9.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rapid0nion in WordPress Plugin Points and Rewards for WooCommerce versions = 2.9.5...
WordPress SEO Booster plugin <= 6.1.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin SEO Booster versions = 6.1.8...
WordPress PostX plugin <= 5.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin PostX versions = 5.0.3...
WordPress Simple Membership plugin <= 4.6.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Andrea Bocchetti in WordPress Plugin Simple Membership versions = 4.6.9...
WordPress GDPR CCPA Compliance Support plugin <= 2.7.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin GDPR CCPA Compliance Support versions = 2.7.4...
WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Mdr in WordPress Plugin Xpro Elementor Addons versions = 1.4.19.1...
WordPress Werkstatt theme < 4.8.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Werkstatt versions 4.8.3...
WordPress Table of Contents Creator plugin <= 1.6.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Table of Contents Creator versions = 1.6.4.1...
WordPress My Post Order plugin <= 1.2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin My Post Order versions = 1.2.1.1...
WordPress Broadstreet Ads plugin <= 1.52.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Broadstreet Ads versions = 1.52.1...
WordPress Order Listener for WooCommerce plugin <= 3.6.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Order Listener for WooCommerce versions = 3.6.1...
WordPress My auctions allegro plugin <= 3.6.32 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin My auctions allegro versions = 3.6.32...
WordPress ShoutOut plugin <= 4.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin ShoutOut versions = 4.0.2...