46618 matches found
WordPress Getwid plugin <= 2.0.10 - Missing Authorization to Google API key update vulnerability
Missing Authorization to Google API key update vulnerability discovered by Peter Thaleikis in WordPress Plugin Getwid versions = 2.0.10...
WordPress SEO Plugin by Squirrly SEO plugin <= 12.3.19 - Authenticated (Contributor+) SQL Injection via url Parameter vulnerability
Authenticated Contributor+ SQL Injection via url Parameter vulnerability discovered by bart in WordPress Plugin SEO Plugin by Squirrly SEO versions = 12.3.19...
WordPress FluentForm plugin <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Joel Indra - Monarch Digital Indonesia in WordPress Plugin FluentForm versions = 5.1.19...
WordPress FluentForm plugin <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Joel Indra - Monarch Digital Indonesia in WordPress Plugin FluentForm versions = 5.1.19...
WordPress The Plus Addons for Elementor plugin <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TP Page Scroll Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via TP Page Scroll Widget vulnerability discovered by stealthcopter in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.6.2...
WordPress Flamix: Bitrix24 and Contact Form 7 integrations plugin <= 3.1.0 - Unauthenticated Full Path Disclosure vulnerability
Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Flamix: Bitrix24 and Contact Form 7 integrations versions = 3.1.0...
WordPress Elegant Addons for elementor plugin <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Switcher, Slider, and Iconbox Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Switcher, Slider, and Iconbox Widgets vulnerability discovered by stealthcopter in WordPress Plugin Elegant Addons for elementor versions = 1.0.8...
WordPress Easy Digital Downloads plugin <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Currency Settings vulnerability
Authenticated Admin+ Stored Cross-Site Scripting via Currency Settings vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Easy Digital Downloads versions = 3.3.2...
WordPress HT Mega - Absolute Addons For Elementor plugin <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Player Widget Settings vulnerability
WordPress HT Mega - Absolute Addons For Elementor plugin = 2.5.5 - Authenticated Contributor+ Stored Cross-Site Scripting via Video Player Widget Settings vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Plugin HT Mega versions = 2.5.5...
WordPress Post and Page Builder by BoldGrid plugin <= 1.26.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via File Upload vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Post and Page Builder by BoldGrid versions = 1.26.6...
WordPress Smart Online Order for Clover plugin <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Data Update vulnerability
Missing Authorization to Authenticated Subscriber+ Plugin Data Update vulnerability discovered by Lucio Sá in WordPress Plugin Smart Online Order for Clover versions = 1.5.6...
WordPress Elementor Addon Elements plugin <= 1.13.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by Webbernaut in WordPress Plugin Elementor Addon Elements versions = 1.13.6...
WordPress Eventin plugin <= 4.0.8 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated Contributor+ Local File Inclusion vulnerability discovered by stealthcopter in WordPress Plugin Eventin versions = 4.0.8...
WordPress Geo Controller plugin <= 8.6.9 - Missing Authorization to Unauthenticated Shortcode Execution vulnerability
Missing Authorization to Unauthenticated Shortcode Execution vulnerability discovered by Lucio Sá in WordPress Plugin Geo Controller versions = 8.6.9...
WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by haidv35 - VCS in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions = 3.19.20...
WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by haidv35 - VCS in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions = 3.19.20...
WordPress HelloAsso plugin <= 1.1.10 - Missing Authorization to Authenticated (Contributor+) Limited Options Update vulnerability
Missing Authorization to Authenticated Contributor+ Limited Options Update vulnerability discovered by Peter Thaleikis in WordPress Plugin HelloAsso versions = 1.1.10...
WordPress Enter Addons plugin <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Events Card Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Events Card Widget vulnerability discovered by lowol in WordPress Plugin Enter Addons versions = 2.1.8...
WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by haidv35 - VCS in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions = 3.19.20...
WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by haidv35 - VCS in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions = 3.19.20...
WordPress Community by PeepSo plugin <= 6.4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Tieu Pham Trong Nhan - TechlabCorp in WordPress Plugin Community by PeepSo versions = 6.4.5.0...
WordPress Bit Form plugin 2.0 - 2.13.9 - Authenticated (Administrator+) SQL Injection vulnerability
WordPress Bit Form plugin 2.0 - 2.13.9 - Authenticated Administrator+ SQL Injection vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Bit Form versions 2.0-2.13.9...
WordPress WPBakery Page Builder plugin <= 7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via VC Single Image link attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via VC Single Image link attribute vulnerability discovered by wesley wcraft in WordPress Plugin WPBakery Page Builder versions = 7.6...
WordPress Post Grid Gutenberg Blocks and WordPress Blog Plugin - PostX plugin <= 4.1.2 - Missing Authorization to Arbitrary Options Update vulnerability
WordPress Post Grid Gutenberg Blocks and WordPress Blog Plugin - PostX plugin = 4.1.2 - Missing Authorization to Arbitrary Options Update vulnerability discovered by 1337Wannabe - home in WordPress Plugin PostX versions = 4.1.2...
WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.8.1 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated Contributor+ Local File Inclusion vulnerability discovered by stealthcopter in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.3.8.1...
WordPress Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Element Pack Elementor Addons versions = 5.6.11...
WordPress Tutor LMS Elementor Addons plugin <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Course Carousel Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Course Carousel Widget vulnerability discovered by wesley wcraft in WordPress Plugin Tutor LMS Elementor Addons versions = 2.1.4...
WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget Settings vulnerability
WordPress The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin = 5.6.2 - Authenticated Contributor+ Stored Cross-Site Scripting via Testimonials Widget Settings vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin The Plus Addons...
WordPress WP Affiliate Platform plugin < 6.5.1 - Reflected XSS via Affiliate Editing vulnerability
Reflected XSS via Affiliate Editing vulnerability discovered by Bob Matyas in WordPress Plugin Affiliate Manager versions 6.5.1...
WordPress WP Affiliate Platform plugin < 6.5.1 - Reflected XSS via Registration Form vulnerability
Reflected XSS via Registration Form vulnerability discovered by Bob Matyas in WordPress Plugin Affiliate Manager versions 6.5.1...
WordPress ARMember Premium plugin <= 6.7 - Cross-Site Request Forgery via multiple functions vulnerability
Cross-Site Request Forgery via multiple functions vulnerability discovered by István Márton - Wordfence in WordPress Plugin ARMember Premium versions = 6.7...
WordPress WP Affiliate Platform plugin < 6.5.1 - Reflected XSS via Lead Editing vulnerability
Reflected XSS via Lead Editing vulnerability discovered by Bob Matyas in WordPress Plugin Affiliate Manager versions 6.5.1...
WordPress WP Affiliate Platform plugin < 6.5.1 - Reflected XSS via Banner Editing vulnerability
Reflected XSS via Banner Editing vulnerability discovered by Bob Matyas in WordPress Plugin Affiliate Manager versions 6.5.1...
WordPress GiveWP - Donation Plugin and Fundraising Platform plugin <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution vulnerability
WordPress GiveWP - Donation Plugin and Fundraising Platform plugin = 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution vulnerability discovered by villu164 in WordPress Plugin GiveWP versions = 3.14.1...
WordPress WP eStore plugin < 8.5.5 - Reflected XSS in Discount Editing vulnerability
Reflected XSS in Discount Editing vulnerability discovered by Bob Matyas in WordPress Plugin WP eStore versions 8.5.5...
WordPress WP eStore plugin < 8.5.5 - Reflected XSS in Customer Editing vulnerability
Reflected XSS in Customer Editing vulnerability discovered by Bob Matyas in WordPress Plugin WP eStore versions 8.5.5...
WordPress WP eStore plugin < 8.5.5 - Reflected XSS in Category Editing vulnerability
Reflected XSS in Category Editing vulnerability discovered by Bob Matyas in WordPress Plugin WP eStore versions 8.5.5...
WordPress WP eStore plugin < 8.5.6 - Reflected XSS in Product Editing vulnerability
Reflected XSS in Product Editing vulnerability discovered by Bob Matyas in WordPress Plugin WP eStore versions 8.5.6...
WordPress WP eMember plugin < 10.6.6 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP eMember versions 10.6.6...
WordPress Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor - Funnelforms Free plugin <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion vulnerability
WordPress Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor - Funnelforms Free plugin = 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Funnelforms Free versions = 3.7.3.2...
WordPress SP Project & Document Manager plugin <= 4.71 - Subscriber+ File Download via IDOR vulnerability
Subscriber+ File Download via IDOR vulnerability discovered by fewwords in WordPress Plugin SP Project & Document Manager versions = 4.71...
WordPress Newsletter Popup plugin <= 1.2 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Newsletter Popup versions = 1.2...
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'email' vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'email' vulnerability discovered by shaman0x01 - Shaman Red Team in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 1.5.112...
WordPress SupportCandy - Helpdesk & Customer Support Ticket System plugin <= 3.4.4 - Authenticated (Subscriber+) SQL Injection via Number Field Filter vulnerability
WordPress SupportCandy - Helpdesk & Customer Support Ticket System plugin = 3.4.4 - Authenticated Subscriber+ SQL Injection via Number Field Filter vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin SupportCandy versions = 3.4.4...
WordPress PDF Generator Addon for Elementor Page Builder plugin <= 2.0.0 - Unauthenticated Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download vulnerability discovered by stealthcopter in WordPress Plugin PDF Generator Addon for Elementor Page Builder versions = 2.0.0...
WordPress Blockspare plugin <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin Blockspare versions = 3.2.4...
WordPress Simple Popup Plugin plugin <= 4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Simple Popup versions = 4.5...
WordPress Essential Addons for Elementor plugin <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Filterable Gallery Widget vulnerability discovered by zer0gh0st in WordPress Plugin Essential Addons for Elementor versions = 6.0.3...
WordPress Confetti Fall Animation plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via confetti-fall-animation Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via confetti-fall-animation Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Confetti Fall Animation versions = 1.3.1...
WordPress Royal Elementor Addons and Template plugin <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Google Maps Widget vulnerability
Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Google Maps Widget vulnerability discovered by zer0gh0st in WordPress Plugin Royal Elementor Addons versions = 1.7.1001...