WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.16 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by timomangcut in WordPress Plugin Shortcodes and extra features for Phlox theme versions <= 2.17.16...
WordPress HubSpot plugin <= 11.3.51 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin HubSpot versions <= 11.3.51...
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.12 - CSRF to Arbitrary File Deletion vulnerability
CSRF to Arbitrary File Deletion vulnerability discovered by VDsec in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions <= 1.8.12...
WordPress Enable Media Replace plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Enable Media Replace versions <= 4.2.1...
WordPress ApplyOnline plugin <= 2.6.7.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin ApplyOnline versions <= 2.6.7.6...
WordPress ThumbPress plugin <= 6.3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin ThumbPress versions <= 6.3.2...
WordPress Webba Booking plugin <= 6.4.13 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Webba Booking versions <= 6.4.13...
WordPress PrivateContent plugin <= 9.9.2 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by 0xd4rk5id3 in WordPress Plugin PrivateContent versions <= 9.9.2...
WordPress LatePoint – Calendar Booking plugin for Appointments and Events plugin <= 5.6.3 - Authenticated (Custom+) Privilege Escalation to Administrator vulnerability
Authenticated (Custom+) Privilege Escalation to Administrator vulnerability discovered by d.v4ns3c in WordPress Plugin LatePoint versions <= 5.6.3...
WordPress NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.2.2 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Anthony Cihan Hann1bl3L3ct3r - Obviam in WordPress Plugin NEX-Forms versions <= 9.2.2...
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.12 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions <= 1.8.12...
WordPress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin <= 4.3.9.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Disclosure vulnerability
Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Disclosure vulnerability discovered by javitoia in WordPress Plugin LearnPress versions <= 4.3.9.1...
WordPress Custom Payment Gateways for WooCommerce plugin <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Azril Fathoni kiseki - Heroes Cyber Security in WordPress Plugin Custom Payment Gateways for WooCommerce versions <= 2.1.0...
WordPress WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin <= 8.4.9 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin ChatBot versions <= 8.4.9...
WordPress WP Google Review Slider plugin <= 18.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin WP Google Review Slider versions <= 18.1...
WordPress Webmention plugin <= 5.8.0 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Volodymyr Kolesnykov in WordPress Plugin Webmention versions <= 5.8.0...
WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.14.1 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by suyoung kimAhnLab - AhnLab in WordPress Plugin Ninja Forms versions <= 3.14.1...
WordPress BookingPress Appointment Booking Pro plugin <= 5.7.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by h0xilo in WordPress Plugin BookingPress Appointment Booking Pro versions <= 5.7.1...
WordPress WP-BusinessDirectory – Business directory plugin for WordPress plugin <= 4.0.1 - Unauthenticated Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP-BusinessDirectory versions <= 4.0.1...
WordPress Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin <= 5.0.8 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated (Subscriber+) SQL Injection vulnerability discovered by d.v4ns3c in WordPress Plugin Taskbuilder versions <= 5.0.8...
WordPress Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin <= 5.0.8 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated (Subscriber+) SQL Injection vulnerability discovered by Catalin Oancea 0x4D5A in WordPress Plugin Taskbuilder versions <= 5.0.8...
WordPress Visualizer – Tables & Charts Manager with Built-in AI Generator plugin <= 4.0.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Niv Kochan in WordPress Plugin Visualizer versions <= 4.0.3...
WordPress SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin <= 3.9.5 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by ? in WordPress Plugin SMS Alert Order Notifications versions <= 3.9.5...
WordPress Video Gallery – YouTube Gallery, Playlist & Video Grid plugin <= 4.0.3 - Authenticated (Subscriber+) Arbitrary Function Call vulnerability
Authenticated (Subscriber+) Arbitrary Function Call vulnerability discovered by PRISM in WordPress Plugin YouTube Showcase versions <= 4.0.3...
WordPress WP Photo Album Plus plugin <= 9.1.13.005 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Photo Album Plus versions <= 9.1.13.005...
WordPress MotoPress Appointment Booking plugin <= 2.4.5 - Authenticated (Staff+) SQL Injection vulnerability
Authenticated (Staff+) SQL Injection vulnerability discovered by MatilJ in WordPress Plugin MotoPress Appointment Booking versions <= 2.4.5...
WordPress RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.9.1 - Cross-Site Request Forgery to Privilege Escalation vulnerability
Cross-Site Request Forgery to Privilege Escalation vulnerability discovered by ? in WordPress Plugin RegistrationMagic versions <= 6.0.9.1...
WordPress Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure vulnerability
Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure vulnerability discovered by Abu Hurayra HurayraIIT in WordPress Plugin Slim SEO versions <= 4.9.8...
WordPress Qi Blocks plugin <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification vulnerability
Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Qi Blocks versions <= 1.4.9...
WordPress Motors – Car Dealership & Classified Listings Plugin plugin <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification vulnerability discovered by Michael Perla vizen5 - clixhouse in WordPress Plugin Motors versions <= 1.4.111...
WordPress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin <= 4.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin LearnPress versions <= 4.4.0...
WordPress Download Manager plugin <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin Download Manager versions <= 3.3.60...
WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.15.3 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by javitoia in WordPress Plugin GiveWP versions <= 4.15.3...
WordPress Appointment Booking Calendar plugin <= 1.4.02 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability
Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability discovered by PRISM in WordPress Plugin Appointment Booking Calendar versions <= 1.4.02...
WordPress WPForms – AI Form Builder for WordPress – Contact Forms, Payment Forms, Survey Form, Quiz & More plugin <= 1.10.2 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection vulnerability
Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Contact Form by WPForms versions <= 1.10.2...
WordPress JetWidgets For Elementor plugin <= 1.0.21 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin JetWidgets For Elementor versions <= 1.0.21...
WordPress Event Organiser plugin <= 3.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Event Organiser versions <= 3.12.9...
WordPress FV Flowplayer Video Player plugin <= 7.5.51.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin FV Flowplayer Video Player versions <= 7.5.51.7212...
WordPress Kali Forms — Contact Form & Drag-and-Drop Builder plugin <= 2.4.13 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Kali Forms versions <= 2.4.13...
WordPress Tutor LMS – eLearning and online course solution plugin <= 3.9.13 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting vulnerability discovered by skyv3il - aisafe.io in WordPress Plugin Tutor LMS versions <= 3.9.13...
WordPress Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin <= 3.7.7 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Optimizer Data Deletion/Read/Modification vulnerability
Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Optimizer Data Deletion/Read/Modification vulnerability discovered by se1en in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions <= 3.7.7...
WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.16.0 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting vulnerability discovered by AmonRa in WordPress Plugin GiveWP versions <= 4.16.0...
WordPress JoomSport – for Sports: Team & League, Football, Hockey & more plugin <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Deletion vulnerability
Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Deletion vulnerability discovered by ? in WordPress Plugin JoomSport versions <= 5.7.8...
WordPress Ajax Load More - Filters plugin <= 3.4.1 - Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability
WordPress Ajax Load More - Filters plugin <= 3.4.1 - Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability discovered by jonathan dunn in WordPress Plugin Ajax Load More - Filters versions <= 3.4.1...
WordPress Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin <= 5.0.4 - Authenticated (Custom+) Stored Cross-Site Scripting vulnerability
Authenticated (Custom+) Stored Cross-Site Scripting vulnerability discovered by hackthesoul - TossBank in WordPress Plugin Dokan versions <= 5.0.4...
WordPress Frisbii Pay plugin <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token Modification vulnerability
Missing Authorization to Authenticated (Subscriber+) Payment Token Modification vulnerability discovered by momopon1415 in WordPress Plugin Frisbii Pay versions <= 1.8.9...
WordPress MaxButtons – Create buttons plugin <= 9.8.5 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin MaxButtons versions <= 9.8.5...
WordPress EventON (Pro) - WordPress Virtual Event Calendar Plugin plugin <= 5.0.11 - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection vulnerability
WordPress EventON (Pro) - WordPress Virtual Event Calendar Plugin plugin <= 5.0.11 - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin EventON versions <= 5.0.11...
WordPress Export User Data plugin <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion vulnerability
Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion vulnerability discovered by Webbernaut in WordPress Plugin Export User Data versions <= 2.2.6...
WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.9.5 - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability
User Profiles, Groups and Communities plugin <= 5.9.9.5 - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability discovered by Ivan Kuzymchak - Wordfence in WordPress Plugin ProfileGrid versions <= 5.9.9.5...