WordPress Workreap Core plugin <= 3.4.1 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by NAWardRox in WordPress Plugin Workreap Core versions <= 3.4.1...
WordPress North theme <= 5.7.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme North versions <= 5.7.5...
WordPress North theme <= 5.7.5 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme North versions <= 5.7.5...
WordPress Woocommerce Book Price plugin <= 1.3 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Woocommerce Book Price versions <= 1.3...
WordPress WP-Members Membership plugin plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields vulnerability discovered by shark3y in WordPress Plugin WP-Members versions <= 3.5.4.3...
WordPress Simply Schedule Appointments plugin <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters vulnerability
Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters vulnerability discovered by shark3y in WordPress Plugin Simply Schedule Appointments versions <= 1.6.9.9...
WordPress Wheel of Life plugin <= 1.2.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Wheel of Life versions <= 1.2.0...
WordPress Multilanguage by BestWebSoft plugin <= 1.5.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Multilanguage by BestWebSoft versions <= 1.5.2...
WordPress WPMasterToolKit plugin <= 2.14.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WPMasterToolKit versions <= 2.14.0...
WordPress NotificationX plugin <= 3.2.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by PPzzAArr in WordPress Plugin NotificationX versions <= 3.2.1...
WordPress NextMove Lite plugin <= 2.23.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by PPzzAArr in WordPress Plugin NextMove Lite versions <= 2.23.0...
WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.9.2 - Missing Authorization to Unauthenticated File Deletion vulnerability
Missing Authorization to Unauthenticated File Deletion vulnerability discovered by shark3y in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions <= 1.3.9.2...
WordPress Penci Review plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Review versions <= 3.5...
WordPress Penci Pay Writer plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Pay Writer versions <= 1.5...
WordPress Alma plugin <= 5.16.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan in WordPress Plugin Alma versions <= 5.16.1...
WordPress List Site Contributors plugin <= 1.1.8 - Reflected Cross-Site Scripting via alpha vulnerability
Reflected Cross-Site Scripting via alpha vulnerability discovered by 0x34rth in WordPress Plugin List Site Contributors versions <= 1.1.8...
WordPress AJS Footnotes plugin <= 1.0 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by 0x34rth in WordPress Plugin AJS Footnotes versions <= 1.0...
WordPress Name Directory plugin <= 1.30.3 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability
Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability discovered by zer0gh0st in WordPress Plugin Name Directory versions <= 1.30.3...
WordPress GeekyBot plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by zer0gh0st in WordPress Plugin GeekyBot versions <= 1.1.8...
WordPress Gotham Block Extra Light plugin <= 1.5.0 - Authenticated (Contributor+) Arbitrary File Read via 'ghostban' Shortcode vulnerability
Authenticated (Contributor+) Arbitrary File Read via 'ghostban' Shortcode vulnerability discovered by 0x34rth in WordPress Plugin Gotham Block Extra Light versions <= 1.5.0...
WordPress Shipping Rate By Cities plugin <= 2.0.0 - Unauthenticated SQL Injection via 'city' Parameter vulnerability
Unauthenticated SQL Injection via 'city' Parameter vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Shipping Rate By Cities versions <= 2.0.0...
WordPress News and Blog Designer Bundle plugin <= 1.1 - Unauthenticated Local File Inclusion vulnerability
Unauthenticated Local File Inclusion vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin News and Blog Designer Bundle versions <= 1.1...
WordPress Dreamer Blog theme <= 1.2 - Subscriber+ Arbitrary Plugin Installation vulnerability
Subscriber+ Arbitrary Plugin Installation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Theme Dreamer Blog versions <= 1.2...
WordPress Integration Opvius AI for WooCommerce plugin <= 1.3.0 - Unauthenticated Arbitrary File Deletion/Read via Path Traversal vulnerability
Unauthenticated Arbitrary File Deletion/Read via Path Traversal vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Integration Opvius AI for WooCommerce versions <= 1.3.0...
WordPress Raptive Ads plugin <= 3.10.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Raptive Ads versions <= 3.10.0...
WordPress Universal Google Adsense and Ads manager plugin <= 1.1.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Universal Google Adsense and Ads manager versions <= 1.1.8...
WordPress Modular DS plugin <= 2.5.1 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Teemu Saarentaus in WordPress Plugin Modular DS versions <= 2.5.1...
WordPress Simple GDPR Cookie Compliance plugin <= 2.0.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Simple GDPR Cookie Compliance versions <= 2.0.0...
WordPress X Addons for Elementor plugin <= 1.0.23 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin X Addons for Elementor versions <= 1.0.23...
WordPress DASHBOARD BUILDER plugin <= 1.5.7 - Cross-Site Request Forgery to SQL Injection vulnerability
Cross-Site Request Forgery to SQL Injection vulnerability discovered by omer yeshayahu in WordPress Plugin DASHBOARD BUILDER versions <= 1.5.7...
WordPress WMF Mobile Redirector plugin <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability discovered by 0x34rth in WordPress Plugin WMF Mobile Redirector versions <= 1.2...
WordPress Short Link plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Administration Settings Page vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Administration Settings Page vulnerability discovered by 0x34rth in WordPress Plugin Short Link versions <= 1.0...
WordPress Aplazo Payment Gateway plugin <= 1.4.2 - Missing Authorization to Unauthenticated Order Status Manipulation vulnerability
Missing Authorization to Unauthenticated Order Status Manipulation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Aplazo Payment Gateway versions <= 1.4.2...
WordPress PayHere Payment Gateway plugin for WooCommerce plugin <= 2.3.9 - Missing Authorization to Unauthenticated Order Status Modification vulnerability
Missing Authorization to Unauthenticated Order Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin PayHere Payment Gateway Plugin for WooCommerce versions <= 2.3.9...
WordPress Float Payment Gateway plugin <= 1.1.9 - Improper Authorization to Unauthenticated Order Status Manipulation vulnerability
Improper Authorization to Unauthenticated Order Status Manipulation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Float Payment Gateway versions <= 1.1.9...
WordPress WP Allowed Hosts plugin <= 1.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'allowed-hosts' Parameter vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'allowed-hosts' Parameter vulnerability discovered by 0x34rth in WordPress Plugin WP Allowed Hosts versions <= 1.0.8...
WordPress LinkedIn SC plugin <= 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Page vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Page vulnerability discovered by 0x34rth in WordPress Plugin LinkedIn SC versions <= 1.1.9...
WordPress Stopwords for comments plugin <= 1.1 - Missing Authorization to Cross-Site Request Forgery vulnerability
Missing Authorization to Cross-Site Request Forgery vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Stopwords for comments versions <= 1.1...
WordPress SocialChamp with WordPress plugin <= 1.3.3 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin SocialChamp with WordPress versions <= 1.3.3...
WordPress Electric Studio Download Counter plugin <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability discovered by 0x34rth in WordPress Plugin Electric Studio Download Counter versions <= 2.4...
WordPress Perfit WooCommerce plugin <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Perfit WooCommerce versions <= 1.0.1...
WordPress Sosh Share Buttons plugin <= 1.1.0 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Sosh Share Buttons versions <= 1.1.0...
WordPress GetContentFromURL plugin <= 1.0 - Authenticated (Contributor+) Server-Side Request Forgery via 'url' Shortcode Attribute vulnerability
Authenticated (Contributor+) Server-Side Request Forgery via 'url' Shortcode Attribute vulnerability discovered by Ivan Cese in WordPress Plugin GetContentFromURL versions <= 1.0...
WordPress Gotham Block Extra Light plugin <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin Settings vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via plugin Settings vulnerability discovered by 0x34rth in WordPress Plugin Gotham Block Extra Light versions <= 1.5.0...
WordPress Netcash WooCommerce Payment Gateway plugin <= 4.1.3 - Missing Authorization to Unauthenticated Order Status Modification vulnerability
Missing Authorization to Unauthenticated Order Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Netcash WooCommerce Payment Gateway versions <= 4.1.3...
WordPress WPBlogSyn plugin <= 1.0 - Cross-Site Request Forgery to Arbitrary Remote Sync Configuration Update vulnerability
Cross-Site Request Forgery to Arbitrary Remote Sync Configuration Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin WPBlogSyn versions <= 1.0...
WordPress Shipping Rates by City for WooCommerce plugin <= 1.0.3 - Authenticated (Shop Manager+) SQL Injection via 'cities' Parameter vulnerability
Authenticated (Shop Manager+) SQL Injection via 'cities' Parameter vulnerability discovered by Nguyen Truong Roll - FPT IS in WordPress Plugin Shipping Rates by City for WooCommerce versions <= 1.0.3...
WordPress SpiceForms Form Builder plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin SpiceForms Form Builder versions <= 1.0...
WordPress Crush.pics Image Optimizer plugin <= 1.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update vulnerability discovered by ChamlaVic in WordPress Plugin Crush.pics Image Optimizer versions <= 1.8.7...
WordPress Real Post Slider Lite plugin <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability discovered by 0x34rth in WordPress Plugin Real Post Slider Lite versions <= 2.4...