14603 matches found
Chained Quiz <= 1.0.8 - Unauthenticated SQL Injection
WordPress Plugin Plugin Chained Quiz before 1.0.9 allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters. Technical details: Chained Quiz appears to be vulnerable to time-based SQL-Injection. The issue lies on the "$answer" backend variable...
Form Maker by WD < 1.12.24 - CSV Injection
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin was affected by a CSV Injection security vulnerability...
WordPress File Upload <= 4.3.3 - Cross-Site Scripting (XSS)
The WordPress File Upload WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
Ninja Forms <= 3.2.13 - Cross-Site Scripting (XSS)
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
PropertyHive <= 1.4.14 - Cross-Site Scripting (XSS)
The PropertyHive WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
Social Media Widget by Acurax <= 3.2.5 - Stored XSS & CSRF
The Social Media Widget by Acurax WordPress plugin was affected by a Stored XSS & CSRF security vulnerability...
Smart Google Code Inserter <= 3.4 - Unauthenticated Cross-Site Scripting (XSS)
The Smart Google Code Inserter WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability...
Multiple Mediaburst/Clockwork Plugins - Cross-Site Scripting (XSS)
Reflected XSS via GET parameter "to". Vulnerable Plugins: ------------------------------------------ 1. Clockwork Free and Paid SMS Notifications URL: https://wordpress.org/plugins/mediaburst-email-to-sms/ Version 2.0.3 | By Clockwork 2. Two-Factor Authentication - Clockwork SMS URL:...
2kb Amazon Affiliates Store <= 2.1.0 - Authenticated Cross-Site Scripting (XSS)
Description The 2kb Amazon Affiliates Store WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...
Updraftplus < 1.13.5 - XSS
The UpdraftPlus WordPress Backup Plugin WordPress plugin was affected by a XSS security vulnerability...
rk-responsive-contact-form 1.0 - Authenticated Blind SQL Injection
The rk-responsive-contact-form WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...
wordpress-gallery-transformation 1.0 - Blind SQL Injection
The wordpress-gallery-transformation WordPress plugin was affected by a Blind SQL Injection security vulnerability...
Download Manager <= 2.9.50 - Open Redirect
The WordPress Download Manager WordPress plugin was affected by an Open Redirect security vulnerability...
WP Jobs <= 1.4 - Authenticated SQL Injection
The WP Jobs WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...
Delightful Downloads <= 1.6.6 - Unauthenticated Path Traversal
Since no authentication or authorisation checks for direct access to the jqueryFileTree.php are made, the vulnerability allows for browsing the file system on a host out of an unauthenticated context. Even though no file content can be exfiltrated this way, "hidden" files e.g. in the web...
Invite Anyone <= 1.3.14 - Change of Email Invitation Content
The Invite Anyone WordPress plugin was affected by a Change of Email Invitation Content security vulnerability...
Membership Simplified <= 1.58 - Unauthenticated Arbitrary File Download
The plugin is still affected and has been closed...
WordPress 4.7-4.7.2 - Cross-Site Scripting (XSS) via Taxonomy Term Names
...
Democracy Poll < 5.4 - CSRF & XSS
The Democracy Poll WordPress plugin was affected by a CSRF & XSS security vulnerability...
Corner Ad < 1.0.8 - XSS
The Corner Ad WordPress plugin was affected by a XSS security vulnerability...
Echosign <= 1.1 - Reflected Cross-Site Scripting (XSS)
The Echo Sign WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...
Booking Calendar Contact Form < 1.0.24 - XSS & SQL Injection
The Booking Calendar Contact Form WordPress plugin was affected by a XSS & SQL Injection security vulnerability...
Connections <= 8.5.8 - Reflected Cross-Site Scripting (XSS)
Line 320 contains unfiltered user input for the search field being sent directly via echo back to the users browser via the ’s’ variable. In file includes/admin/pages/manage.php Line 320:...
Pie-Register <= 2.0.18 - Authenticated Blind SQL Injection
The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...
Payment Form for PayPal Pro <= 1.0.1 - Multiple Reflected Cross-Site Scripting (XSS)
The Payment Form for PayPal Pro WordPress plugin was affected by a Multiple Reflected Cross-Site Scripting XSS security vulnerability...
CP Reservation Calendar <= 1.1.6 - Unauthenticated SQL Injection
The CP Reservation Calendar WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability...
Postmatic <= 1.4.5 - Cross-Site Scripting (XSS)
The Replyable – Subscribe to Comments and Reply by Email WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
Navis DocumentCloud 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The navis-documentcloud WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability...
Anti-Spam by CleanTalk < 5.22 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability...
Googmonify <= 0.5.1 - CSRF & XSS
The Googmonify WordPress plugin was affected by a CSRF & XSS security vulnerability...
Ultimate Member < 1.3.18 - Cross-Site Scripting (XSS)
The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
Events Manager < 5.6 - Cross-Site Scripting (XSS) & Code Injection
The Events Manager WordPress plugin was affected by a Cross-Site Scripting XSS & Code Injection security vulnerability...
S3Bubble <= 0.7 - Directory Traversal leading to Arbitrary File Access
The last time it was checked the plugin was still affected and had been closed...
Powerplay Gallery - Arbitrary File Upload & SQL Injection
The wp-powerplaygallery WordPress plugin was affected by an Arbitrary File Upload & SQL Injection security vulnerability...
WP Smiley <= 1.4.1 - CSRF & Cross-Site Scripting (XSS)
Cross-Site scripting XSS in smilies4wp.php in the WP Smiley plugin 1.4.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the s4w-more parameter to wp-admin/options-general.php...
Lattice < 1.1.4 - Unspecified XSS
The lattice WordPress theme was affected by an Unspecified XSS security vulnerability...
Wpml < 3.1.9 - XSS
The wpml WordPress plugin was affected by a XSS security vulnerability...
Google Doc Embedder <= 2.5.18 - Cross-Site Scripting (XSS)
The Google Doc Embedder WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
Wordpress Video Gallery <= 2.7 - SQL Injection
The contus-video-gallery WordPress plugin was affected by a SQL Injection security vulnerability. PoC http://example.com/wp-admin/admin-ajax.php?action=rss=video=SQLi...
Banner Effect Header 1.2.6 - XSS & CSRF
The Banner Effect Header WordPress plugin was affected by a XSS & CSRF security vulnerability...
Pods <= 2.4.3 - Authenticated XSS & CSRF
The Pods – Custom Content Types and Fields WordPress plugin was affected by an Authenticated XSS & CSRF security vulnerability...
Lightbox Photo Gallery 1.0 - CSRF/XSS
The lightbox-photo-gallery WordPress plugin was affected by a CSRF/XSS security vulnerability...
W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated Arbitrary File Read
The W3 Total Cache WordPress plugin was affected by an Unauthenticated Arbitrary File Read security vulnerability...
bib2html 0.9.3 - /OSBiB/create/index.php styleShortName Parameter XSS
The bib2html WordPress plugin was affected by a /OSBiB/create/index.php styleShortName Parameter XSS security vulnerability...
Lazyest Gallery <= 1.1.20 - EXIF Script Insertion
The Lazyest Gallery WordPress plugin was affected by an EXIF Script Insertion security vulnerability...
LayerSlider 4.6.1 - Style Editing CSRF
The LayerSlider WordPress plugin was affected by a Style Editing CSRF security vulnerability...
mTouch Quiz 3.0.6 - question.php quiz Parameter Reflected XSS
The mTouch Quiz WordPress plugin was affected by a question.php quiz Parameter Reflected XSS security vulnerability...
click-to-copy-grab-box <= 0.1.1 - XSS in ZeroClipboard
The click-to-copy-grab-box WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...
ed2k-link-selector <= 1.1.7 - XSS in ZeroClipboard
The ed2k-link-selector WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...
Audio Player - player.swf playerID Parameter XSS
The audio-player WordPress plugin was affected by a player.swf playerID Parameter XSS security vulnerability...