46624 matches found
WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Messenger Chat Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Messenger Chat Widget vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...
WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multi Scroll Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Multi Scroll Widget vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...
WordPress ThirstyAffiliates plugin <= 3.11.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin ThirstyAffiliates versions = 3.11.9...
WordPress FooGallery plugin <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Robert Kruczek ProXy - Safety-Online.pl in WordPress Plugin FooGallery versions = 2.4.14...
WordPress HT Mega - Absolute Addons For Elementor plugin <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox Widget vulnerability
WordPress HT Mega - Absolute Addons For Elementor plugin = 2.4.6 - Authenticated Contributor+ Stored Cross-Site Scripting via Lightbox Widget vulnerability discovered by wesley wcraft in WordPress Plugin HT Mega versions = 2.4.6...
WordPress Elementor Addon Elements plugin <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Elementor Addon Elements versions = 1.13.2...
WordPress Elementor Addon Elements plugin <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Twitter Widget vulnerability discovered by wesley wcraft in WordPress Plugin Elementor Addon Elements versions = 1.13.3...
WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin WPBITS Addons For Elementor Page Builder versions = 1.4...
WordPress Ultimate Addons for Beaver Builder - Lite plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Icons Widget vulnerability
WordPress Ultimate Addons for Beaver Builder - Lite plugin = 1.5.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Advanced Icons Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Addons for Beaver Builder – Lite versions = 1.5.7...
WordPress Ultimate Addons for Beaver Builder - Lite plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Table Widget vulnerability
WordPress Ultimate Addons for Beaver Builder - Lite plugin = 1.5.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Info Table Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Addons for Beaver Builder – Lite versions = 1.5.7...
WordPress Ultimate Addons for Beaver Builder - Lite plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget vulnerability
WordPress Ultimate Addons for Beaver Builder - Lite plugin = 1.5.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Heading Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Addons for Beaver Builder – Lite versions = 1.5.7...
WordPress Ultimate Addons for Beaver Builder - Lite plugin <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget vulnerability
WordPress Ultimate Addons for Beaver Builder - Lite plugin = 1.5.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Image Separator Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Addons for Beaver Builder – Lite versions = 1.5.7...
WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Builder Addons by WPZOOM versions = 1.3.4...
WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Image Box Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Builder Addons by WPZOOM versions = 1.3.4...
WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Testimonials Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Builder Addons by WPZOOM versions = 1.3.4...
WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Team Members Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Builder Addons by WPZOOM versions = 1.3.4...
WordPress The Plus Addons for Elementor plugin <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Team Member Listing vulnerability
Authenticated Contributor+ Local File Inclusion via Team Member Listing vulnerability discovered by wesley wcraft in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.4.1...
WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Global Badge Module vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Global Badge Module vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...
WordPress Run Contests, Raffles, and Giveaways with ContestsWP plugin <= 2.0.7 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Legion Hunter in WordPress Plugin Run Contests, Raffles, and Giveaways with ContestsWP versions = 2.0.7...
WordPress CMSMasters Content Composer plugin <= 1.4.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin CMSMasters Content Composer versions = 1.4.5...
WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Mouse Cursor Module vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Custom Mouse Cursor Module vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...
WordPress Premium Addons PRO plugin <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Premium Magic Scroll Module vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Premium Magic Scroll Module vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons PRO versions = 2.9.12...
WordPress Essential Blocks plugin <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Essential Blocks for Gutenberg versions = 4.5.3...
WordPress Squelch Tabs and Accordions Shortcodes plugin <= 0.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via accordions Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via accordions Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Squelch Tabs and Accordions Shortcodes versions = 0.4.3...
WordPress Exclusive Addons for Elementor plugin <= 2.6.9.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Post Grid vulnerability
AuthenticatedContributor+ Stored Cross-Site Scripting via Post Grid vulnerability discovered by wesley wcraft in WordPress Plugin Exclusive Addons Elementor versions = 2.6.9.2...
WordPress Essential Addons for Elementor plugin <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin Essential Addons for Elementor versions = 5.9.11...
WordPress Font Farsi plugin <= 1.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by emad in WordPress Plugin Font Farsi versions = 1.6.6...
WordPress EmbedPress plugin <= 3.9.12 - Authenticated (Contributor+) Stored Cross-site Scripting via 'embedpress_doc_custom_color' vulnerability
Authenticated Contributor+ Stored Cross-site Scripting via 'embedpressdoccustomcolor' vulnerability discovered by WordFence in WordPress Plugin EmbedPress versions = 3.9.12...
WordPress The Plus Addons for Elementor plugin <= 5.5.4 - Authenticated (Contibutor+) Stored Cross-Site Scripting via Hover Card vulnerability
Authenticated Contibutor+ Stored Cross-Site Scripting via Hover Card vulnerability discovered by Colin Xu in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.5.4...
WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Age Gate vulnerability discovered by Phuoc Pham p3tl0v3r - VNPT Cyber Immunity in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.4.2...
WordPress Happy Addons for Elementor plugin <= 3.10.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via title_tag vulnerability
Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via titletag vulnerability discovered by wesley wcraft in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...
WordPress Happy Addons for Elementor plugin <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title HTML Tag vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Page Title HTML Tag vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...
WordPress Happy Addons for Elementor plugin <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title HTML Tag vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Post Title HTML Tag vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...
WordPress Happy Addons for Elementor plugin <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Calendy vulnerability discovered by ST in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...
WordPress Royal Elementor Addons and Templates plugin <= 1.3.971 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Royal Elementor Addons versions = 1.3.971...
WordPress Royal Elementor Addons and Templates plugin <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via HTML Tags vulnerability discovered by WordFence in WordPress Plugin Royal Elementor Addons versions = 1.3.971...
WordPress Themesflat Addons For Elementor plugin <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Tags vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Widget Tags vulnerability discovered by João G. Barbosa 4rCanJ0x! in WordPress Plugin themesflat-addons-for-elementor versions = 2.1.2...
WordPress SVS Pricing Tables plugin <= 1.0.4 - Cross-Site Request Forgery to Pricing Table Deletion vulnerability
Cross-Site Request Forgery to Pricing Table Deletion vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin SVS Pricing Tables versions = 1.0.4...
WordPress Elementor Addons by Livemesh plugin <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Various Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Various Widgets vulnerability discovered by wesley wcraft in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.7...
WordPress WPB Elementor Addons plugin <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin WPB Elementor Addons versions = 1.0.9...
WordPress Easy WP SMTP by SendLayer plugin <= 2.3.0 - Exposure of Sensitive Information via the UI vulnerability
Exposure of Sensitive Information via the UI vulnerability discovered by Finsand in WordPress Plugin Easy WP SMTP versions = 2.3.0...
WordPress Jeg Elementor Kit plugin <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin Jeg Elementor Kit versions = 2.6.4...
WordPress Jeg Elementor Kit plugin <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Testimonial vulnerability discovered by wesley wcraft in WordPress Plugin Jeg Elementor Kit versions = 2.6.3...
WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Custom Attributes vulnerability discovered by Tim Coen in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.4.2...
WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.4.2...
WordPress EmbedPress plugin <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Block vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Youtube Block vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin EmbedPress versions = 3.9.14...
WordPress Bold Page Builder plugin <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Widget URL Attribute vulnerability discovered by wesley wcraft in WordPress Plugin Bold Page Builder versions = 4.8.8...
WordPress HT Mega - Absolute Addons For Elementor plugin <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Grid Widget vulnerability
WordPress HT Mega - Absolute Addons For Elementor plugin = 2.4.9 - Authenticated Contributor+ Stored Cross-Site Scripting via Image Grid Widget vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin HT Mega versions = 2.4.9...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_gmaps' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'auxgmaps' Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...
WordPress Colibri Page Builder plugin <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri_breadcrumb_element' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'colibribreadcrumbelement' Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Colibri Page Builder versions = 1.0.272...