46677 matches found
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.5.1 - Unauthenticated Arbitrary File Copy/Upload vulnerability
Unauthenticated Arbitrary File Copy/Upload vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin Contact Form Entries versions <= 1.5.1...
WordPress Request a Quote – Quote Forms for Any WordPress Site plugin <= 2.5.5 - Unauthenticated Code Injection vulnerability
Unauthenticated Code Injection vulnerability discovered by Mitchell in WordPress Plugin Request a Quote versions <= 2.5.5...
WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by dodoh4t in WordPress Plugin WPIDE – File Manager & Code Editor versions <= 3.5.6...
WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by HaiND in WordPress Plugin WP EasyCart versions <= 5.9.0...
WordPress Worth The Read plugin <= 1.14.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Worth The Read versions <= 1.14.3...
WordPress Upking - Hiking Club WordPress theme theme <= 1.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Upking - Hiking Club WordPress Theme versions <= 1.4...
WordPress The Restaurant theme <= 1.4.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Restaurant versions <= 1.4.1...
WordPress Swiss Toolkit For WP plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Swiss Toolkit For WP versions <= 1.4.6...
WordPress Surbma | Yoast SEO Breadcrumb Shortcode plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by zaim in WordPress Plugin Surbma | Yoast SEO Breadcrumb Shortcode versions <= 1.2...
WordPress Simple URLs plugin <= 151 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Jitlada in WordPress Plugin Simple URLs versions <= 151...
WordPress Structured Content plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by zaim in WordPress Plugin Structured Content versions <= 1.7.0...
WordPress SEOWP theme <= 3.12.2 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by adhikara13 in WordPress Theme SEOWP versions <= 3.12.2...
WordPress Sendcloud Shipping plugin <= 1.0.29 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Sendcloud Shipping versions <= 1.0.29...
WordPress ProfileGrid plugin <= 5.9.9.7 - CSRF to Account Takeover vulnerability
CSRF to Account Takeover vulnerability discovered by dodoh4t in WordPress Plugin ProfileGrid versions <= 5.9.9.7...
WordPress PressGrid - Frontend Publish Reaction & Multimedia theme theme <= 1.3.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme PressGrid - Frontend Publish Reaction & Multimedia Theme versions <= 1.3.1...
WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.2 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by dodoh4t in WordPress Plugin Permalink Manager for WooCommerce versions <= 1.0.8.2...
WordPress pCloud WP Backup plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by R2D2 in WordPress Plugin pCloud WP Backup versions <= 2.0.2...
WordPress Mosaic Gallery – Advanced Gallery plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by zaim in WordPress Plugin Mosaic Gallery – Advanced Gallery versions <= 1.2.0...
WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.9.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by timomangcut in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions <= 3.9.4...
WordPress Kit (formerly ConvertKit) for WooCommerce plugin <= 2.1.5 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Kit (formerly ConvertKit) for WooCommerce versions <= 2.1.5...
WordPress iNET Webkit plugin 1.2.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Evan NR in WordPress Plugin iNET Webkit versions 1.2.4...
WordPress Fuse Social Floating Sidebar plugin <= 5.4.13 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Fuse Social Floating Sidebar versions <= 5.4.13...
WordPress ez Form Calculator Premium plugin <= 2.14.1.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO in WordPress Plugin ez Form Calculator Premium versions <= 2.14.1.2...
WordPress Admin Tweaks plugin <= 3.3.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Admin Tweaks versions <= 3.3.3...
WordPress SportsPress Pro plugin <= 2.7.29 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by w41bu1 in WordPress Plugin SportsPress Pro versions <= 2.7.29...
WordPress Shopify plugin <= 1.0.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Rafie Muhammad in WordPress Plugin Shopify versions <= 1.0.0...
WordPress Booked plugin <= 3.0.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO in WordPress Plugin Booked versions <= 3.0.0...
WordPress Ninja Forms - File Uploads plugin <= 3.3.29 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin Ninja Forms File Uploads Extension versions <= 3.3.29...
WordPress Perfmatters plugin <= 2.6.4 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin perfmatters versions <= 2.6.4...
WordPress WP Review Slider Pro plugin <= 12.7.2 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions <= 12.7.2...
WordPress Blocksy Companion plugin <= 2.1.46 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Blocksy Companion versions <= 2.1.46...
WordPress Divi Form Builder plugin <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution vulnerability
Unauthenticated Arbitrary File Upload Leading to Remote Code Execution vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Divi Form Builder versions <= 5.1.8...
WordPress Appointment Bookings for Zoom GoogleMeet and more – Wappointment plugin <= 2.7.6 - Unauthenticated Insecure Direct Object Reference vulnerability
Unauthenticated Insecure Direct Object Reference vulnerability discovered by davidfdzmorilla in WordPress Plugin Wappointment versions <= 2.7.6...
WordPress RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by PRISM in WordPress Plugin Feedzy versions <= 5.2.1...
WordPress Product Video Gallery for Woocommerce plugin <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting vulnerability
Authenticated (Shop Manager+) Stored Cross-Site Scripting vulnerability discovered by Ravindu Lakmina Munaweera in WordPress Plugin Product Video Gallery for Woocommerce versions <= 1.5.1.8...
WordPress Groundhogg — CRM, Newsletters, and Marketing Automation plugin <= 4.5.8 - Authenticated (Custom+) SQL Injection vulnerability
Authenticated (Custom+) SQL Injection vulnerability discovered by PRISM in WordPress Plugin Groundhogg versions <= 4.5.8...
WordPress My Calendar – Accessible Event Manager plugin <= 3.7.14 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability
Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability discovered by ? in WordPress Plugin My Calendar versions <= 3.7.14...
WordPress LatePoint – Calendar Booking Plugin for Appointments and Events plugin <= 5.6.2 - Unauthenticated Insecure Direct Object Reference to Arbitrary Creation vulnerability
Unauthenticated Insecure Direct Object Reference to Arbitrary Creation vulnerability discovered by gidget smith in WordPress Plugin LatePoint versions <= 5.6.2...
WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.11 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Jagadesh Achanta - Independent in WordPress Plugin Kirki versions <= 6.0.11...
WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.11 - Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) vulnerability
Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) vulnerability discovered by ? in WordPress Plugin Kirki versions <= 6.0.11...
WordPress JoomSport – for Sports: Team & League, Football, Hockey & more plugin <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification vulnerability
Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification vulnerability discovered by ? in WordPress Plugin JoomSport versions <= 5.7.8...
WordPress JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.6.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Niv Kochan in WordPress Plugin JetFormBuilder versions <= 3.6.3...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.16 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by timomangcut in WordPress Plugin Shortcodes and extra features for Phlox theme versions <= 2.17.16...
WordPress HubSpot plugin <= 11.3.51 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin HubSpot versions <= 11.3.51...
WordPress Image Optimizer – Optimize Images and Convert to WebP or AVIF plugin <= 1.7.4 - Authenticated (Author+) Arbitrary File Deletion vulnerability
Authenticated (Author+) Arbitrary File Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Image Optimizer by Elementor versions <= 1.7.4...
WordPress Insert Pages plugin <= 3.11.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Insert Pages versions <= 3.11.4...
WordPress Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification vulnerability
Missing Authorization to Authenticated (Contributor+) Settings Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Email Subscribers & Newsletters versions <= 5.9.27...
WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.16.1 - Authenticated (Give Worker+) Stored Cross-Site Scripting vulnerability
Authenticated (Give Worker+) Stored Cross-Site Scripting vulnerability discovered by Chirita Catalin-Andrei CC99IE - aisafe.io in WordPress Plugin GiveWP versions <= 4.16.1...
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.12 - CSRF to Arbitrary File Deletion vulnerability
CSRF to Arbitrary File Deletion vulnerability discovered by VDsec in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions <= 1.8.12...
WordPress Enable Media Replace plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Enable Media Replace versions <= 4.2.1...