46618 matches found
WordPress Slider Revolution plugin <= 6.7.11 - Authenticated (Author+) Stored Cross-Site Scripting via Add Layer class, id, and title Attributes vulnerability
Authenticated Author+ Stored Cross-Site Scripting via Add Layer class, id, and title Attributes vulnerability discovered by wesley wcraft in WordPress Plugin Slider Revolution versions = 6.7.10...
WordPress Slider Revolution plugin <= 6.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Elementor wrapperid and zindex vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Elementor wrapperid and zindex vulnerability discovered by stealthcopter in WordPress Plugin Slider Revolution versions = 6.7.10...
WordPress WooCommerce - PDF Vouchers plugin <= 4.9.3 - Authentication Bypass to Voucher Vendor vulnerability
WordPress WooCommerce - PDF Vouchers plugin = 4.9.3 - Authentication Bypass to Voucher Vendor vulnerability discovered by István Márton - Wordfence in WordPress Plugin WooCommerce PDF Vouchers versions = 4.9.3...
WordPress Zephyr Project Manager plugin <= 3.3.101 - Authenticated (Subscriber+) Limited Privilege Escalation vulnerability
Authenticated Subscriber+ Limited Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin Zephyr Project Manager versions = 3.3.101...
WordPress WooCommerce Social Login plugin <= 2.7.3 - Unauthenticated Authentication Bypass vulnerability
Unauthenticated Authentication Bypass vulnerability discovered by Vu Nguyen maxntv in WordPress Plugin WooCommerce Social Login versions = 2.7.3...
WordPress WooCommerce Social Login plugin <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability
Missing Authorization to Unauthenticated Privilege Escalation vulnerability discovered by Vu Nguyen maxntv in WordPress Plugin WooCommerce Social Login versions = 2.7.3...
WordPress WooCommerce Social Login plugin <= 2.7.3 - Unauthenticated Privilege Escalation via One-Time Password vulnerability
Unauthenticated Privilege Escalation via One-Time Password vulnerability discovered by Vu Nguyen maxntv in WordPress Plugin WooCommerce Social Login versions = 2.7.3...
WordPress OSM plugin <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof ZajÄ…c - CERT PL in WordPress Plugin OSM versions = 6.0.3...
WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_block Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via contentblock Shortcode vulnerability discovered by Alex Thomas - Wordfence in WordPress Plugin Content Blocks Custom Post Widget versions = 3.3.0...
WordPress Elementor Addons by Livemesh plugin <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Grid vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Posts Grid vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Livemesh Addons for Elementor versions = 8.3.7...
WordPress Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin <= 5.7.17 - Missing Authorization vulnerability
WordPress Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin = 5.7.17 - Missing Authorization vulnerability discovered by Thura Moe Myint mgthuramoemyint in WordPress Plugin Email Subscribers & Newsletters versions = 5.7.17...
WordPress Premium Addons for Elementor plugin <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'arrow_style' vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'arrowstyle' vulnerability discovered by stealthcopter in WordPress Plugin Premium Addons for Elementor versions = 4.10.28...
WordPress Enter Addons plugin <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animation Title widget img tag vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Animation Title widget img tag vulnerability discovered by Sebastião Gavião Sebastgav - Gavsec in WordPress Plugin Enter Addons versions = 2.1.5...
WordPress Advanced Contact form 7 DB plugin <= 2.0.2 - Sensitive Information Exposure vulnerability
Sensitive Information Exposure vulnerability discovered by Tim Coen in WordPress Plugin Advanced Contact form 7 DB versions = 2.0.2...
WordPress Happy Addons for Elementor plugin <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline vulnerability discovered by stealthcopter in WordPress Plugin Happy Addons for Elementor versions = 3.10.4...
WordPress Testimonial Carousel For Elementor plugin <= 10.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Testimonial Carousel For Elementor versions = 10.1.1...
WordPress Login Logout Register Menu plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode vulnerability discovered by Krzysztof ZajÄ…c - CERT PL in WordPress Plugin Login Logout Register Menu versions = 2.0...
WordPress Essential Addons for Elementor plugin <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery & Interactive Circle vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Filterable Gallery & Interactive Circle vulnerability discovered by stealthcopter in WordPress Plugin Essential Addons for Elementor versions = 5.9.15...
WordPress Salient Shortcodes plugin <= 1.5.3 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability
Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by István Márton - Wordfence in WordPress Plugin Salient Shortcodes versions = 1.5.3...
WordPress Porto Theme - Functionality plugin <= 3.0.9 - Authenticated (Contributor+) Local File Inclusion via Post Meta vulnerability
WordPress Porto Theme - Functionality plugin = 3.0.9 - Authenticated Contributor+ Local File Inclusion via Post Meta vulnerability discovered by István Márton - Wordfence in WordPress Plugin Porto Theme - Functionality versions = 3.0.9...
WordPress Royal Elementor Addons and Templates plugin <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Accordion Title Tags vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Advanced Accordion Title Tags vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Royal Elementor Addons versions = 1.3.971...
WordPress Salient Core plugin <= 2.0.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability
Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by István Márton - Wordfence in WordPress Plugin Salient Core versions = 2.0.7...
WordPress Salient Shortcodes plugin <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton - Wordfence in WordPress Plugin Salient Shortcodes versions = 1.5.3...
WordPress WP To Do plugin <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Task Comments vulnerability
Authenticated Admin+ Stored Cross-Site Scripting via Task Comments vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin WP To Do versions = 1.3.0...
WordPress WP To Do plugin <= 1.3.0 - Cross-Site Request Forgery via wptodo_manage() vulnerability
Cross-Site Request Forgery via wptodomanage vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin WP To Do versions = 1.3.0...
WordPress Testimonials Widget plugin <= 4.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via testimonials Shortcode vulnerability
Authenticated Author+ Stored Cross-Site Scripting via testimonials Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Testimonials Widget versions = 4.0.4...
WordPress WP To Do plugin <= 1.3.0 - Cross-Site Request Forgery via wptodo_settings vulnerability
Cross-Site Request Forgery via wptodosettings vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin WP To Do versions = 1.3.0...
WordPress HT Mega plugin <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Justify vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Gallery Justify vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin HT Mega versions = 2.5.0...
WordPress Exclusive Addons for Elementor plugin <= 2.6.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Call to Action vulnerability discovered by stealthcopter in WordPress Plugin Exclusive Addons Elementor versions = 2.6.9.4...
WordPress Prime Slider - Addons For Elementor plugin <= 3.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget vulnerability
WordPress Prime Slider - Addons For Elementor plugin = 3.14.1 - Authenticated Contributor+ Stored Cross-Site Scripting via Pagepiling Widget vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Prime Slider – Addons For Elementor versions = 3.14.1...
WordPress Import and export users and customers plugin <= 1.26.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by quanhx in WordPress Plugin Import and export users and customers versions = 1.26.6.1...
WordPress Combo Blocks plugin <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Block Attribute vulnerability discovered by stealthcopter in WordPress Plugin Post Grid and Gutenberg Blocks versions = 2.2.80...
WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typer Effect vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Typer Effect vulnerability discovered by Webbernaut in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.2.37...
WordPress Royal Elementor Addons and Templates plugin <= 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting via Back to Top Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Back to Top Widget vulnerability discovered by wesley wcraft in WordPress Plugin Royal Elementor Addons versions = 1.3.975...
WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Timer vulnerability discovered by Webbernaut in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.2.36...
WordPress Themesflat Addons For Elementor plugin <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting in Multiple Widgets vulnerability discovered by stealthcopter in WordPress Plugin themesflat-addons-for-elementor versions = 2.1.2...
WordPress Piotnet Addons For Elementor plugin <= 2.4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widget Attributes vulnerability discovered by stealthcopter in WordPress Plugin Piotnet Addons For Elementor versions = 2.4.28...
WordPress Ultimate Blocks plugin <= 3.1.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Multiple Blocks vulnerability
AuthenticatedContributor+ Stored Cross-Site Scripting via Multiple Blocks vulnerability discovered by Webbernaut in WordPress Plugin Ultimate Blocks versions = 3.1.9...
WordPress Sina Extension for Elementor plugin <= 3.5.3 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting vulnerability
Authenticated Contributor+ DOM-Based Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Sina Extension for Elementor versions = 3.5.3...
WordPress Premium Addons for Elementor plugin <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Fancy Text Widget vulnerability discovered by Webbernaut in WordPress Plugin Premium Addons for Elementor versions = 4.10.31...
WordPress Premium Addons for Elementor plugin <= 4.10.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Global Tooltip vulnerability
Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Global Tooltip vulnerability discovered by wesley wcraft in WordPress Plugin Premium Addons for Elementor versions = 4.10.31...
WordPress Happy Addons for Elementor plugin <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Event Calendar Widget vulnerability discovered by stealthcopter in WordPress Plugin Happy Addons for Elementor versions = 3.10.7...
WordPress Elementor Addon Elements plugin <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and eae_slider_animation Parameters vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via id and eaeslideranimation Parameters vulnerability discovered by stealthcopter in WordPress Plugin Elementor Addon Elements versions = 1.13.5...
WordPress Essential Addons for Elementor plugin <= 5.9.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Several Widgets vulnerability
Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Several Widgets vulnerability discovered by Webbernaut in WordPress Plugin Essential Addons for Elementor versions = 5.9.19...
WordPress Essential Addons for Elementor plugin <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' vulnerability discovered by stealthcopter in WordPress Plugin Essential Addons for Elementor versions = 5.9.19...
WordPress FileOrganizer plugin <= 1.0.7 - Sensitive Information Exposure via Directory Listing vulnerability
Sensitive Information Exposure via Directory Listing vulnerability discovered by emad in WordPress Plugin FileOrganizer versions = 1.0.7...
WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin <= 1.6.4 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin Ultimate Store Kit Elementor Addons versions = 1.6.4...
WordPress Image Hover Effects for Elementor with Lightbox and Flipbox plugin <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id, oxi_addons_f_title_tag, and content_description_tag Parameters vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via id, oxiaddonsftitletag, and contentdescriptiontag Parameters vulnerability discovered by stealthcopter in WordPress Plugin Image Hover Effects - Caption Hover with Carousel versions = 3.0.2...
WordPress Happy Addons for Elementor plugin <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Image Accordion vulnerability discovered by Thanh Nam Tran in WordPress Plugin Happy Addons for Elementor versions = 3.10.9...
WordPress Happy Addons for Elementor plugin <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Thanh Nam Tran in WordPress Plugin Happy Addons for Elementor versions = 3.10.8...