14602 matches found
Google Document Embedder <= 2.5.14 - SQL Injection
The Google Doc Embedder WordPress plugin was affected by a SQL Injection security vulnerability...
WP Support Plus Responsive Ticket System < 4.2 - Multiple Issues
The WP Support Plus Responsive Ticket System WordPress plugin was affected by a Multiple Issues security vulnerability...
Another WordPress Classifieds Plugin < 3.0 - SQLi & XSS
The WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds WordPress plugin was affected by a SQLi & XSS security vulnerability...
BulletProof Security <= .51 - Multiple Vulnerabilities (XSS & SSRF)
The BulletProof Security WordPress plugin was affected by a Multiple Vulnerabilities XSS & SSRF security vulnerability...
All Video Gallery 1.2 - SQL Injection
The all-video-gallery WordPress plugin was affected by a SQL Injection security vulnerability...
Login Widget With Shortcode 3.1.1 - CSRF/XSS
The Login Widget With Shortcode WordPress plugin was affected by a CSRF/XSS security vulnerability...
Compfight < 1.5 Cross-Site Scripting (XSS)
The compfight WordPress plugin was affected by security vulnerability...
All Video Gallery 1.1 - config.php Multiple Parameter SQL Injection
The all-video-gallery WordPress plugin was affected by a config.php Multiple Parameter SQL Injection security vulnerability...
WP Content Source Control <= 3.0.0 - Path Traversal
The WP Source Control WordPress plugin was affected by a Path Traversal security vulnerability...
WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
...
Classic 1.5 - PHP_SELF XSS
The Classic WordPress theme was affected by a PHPSELF XSS security vulnerability...
scarlet <= 1.1.3 - XSS in ZeroClipboard.swf
The scarlet WordPress theme was affected by a XSS in ZeroClipboard.swf security vulnerability...
Member Approval 131109 - wp-admin/options-general.php Option Manipulation CSRF
The member-approval WordPress plugin was affected by a wp-admin/options-general.php Option Manipulation CSRF security vulnerability...
Yahoo Updates < 1.0 - XSS vulnerabilities in yupdates_application.php
The yahoo-updates-for-wordpress WordPress plugin was affected by a XSS vulnerabilities in yupdatesapplication.php security vulnerability...
JW Player 2.1.2 - wp-admin/admin.php Player Deletion CSRF
The jw-player-plugin-for-wordpress WordPress plugin was affected by a wp-admin/admin.php Player Deletion CSRF security vulnerability...
Twitget 3.3.1 - twitget.php Twitter Setting Manipulation CSRF
The Twitget WordPress plugin was affected by a twitget.php Twitter Setting Manipulation CSRF security vulnerability...
Connections <= 0.7.1.5 - Unspecified Security
The Connections Business Directory WordPress plugin was affected by an Unspecified Security security vulnerability...
Comment Attachment 1.0 - XSS
The Comment Attachment WordPress plugin was affected by a XSS security vulnerability...
Xorbin Digital Flash Clock 1.0 - Flash-based XSS
The xorbin-digital-flash-clock WordPress plugin was affected by a Flash-based XSS security vulnerability...
Digg Digg 5.3.4 - Setting Manipulation CSRF
The digg-digg WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...
Related Posts 2.7.1 - Cross-Site Request Forgery
The related-posts WordPress plugin was affected by a Cross-Site Request Forgery security vulnerability...
wp-cleanfix - Remote Comm& Execution, CSRF & XSS
The WP CleanFix WordPress plugin was affected by a Remote Comm& Execution, CSRF & XSS security vulnerability...
WP Clone by WP Academy <= 2.1.1 - XSS in ZeroClipboard
The Clone WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...
buckets <= 0.1.9.2 - XSS in ZeroClipboard
The Buckets WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...
coupon-code-plugin <= 2.1 - XSS in ZeroClipboard
The coupon-code-plugin WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...
WP-PostViews 1.62 - Setting Manipulation CSRF
The WP-PostViews WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...
Events Manager 5.3.3 - Multiple Cross-Site Scripting (XSS)
The Events Manager WordPress plugin was affected by a Multiple Cross-Site Scripting XSS security vulnerability...
Portable phpMyAdmin 1.4.1 - Multiple Script Direct Request Authentication Bypass
The portable-phpmyadmin WordPress plugin was affected by a Multiple Script Direct Request Authentication Bypass security vulnerability...
RBX Gallery 2.1 - uploader.php File Upload PHP Code Execution
The rbxgallery WordPress plugin was affected by an uploader.php File Upload PHP Code Execution security vulnerability...
VideoWhisper Live Streaming Integration <= 4.25.3 - Cross-Site Scripting (XSS)
The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
Google Document Embedder 2.4.6 - pdf.php file Parameter Arbitrary File Disclosure
The Google Doc Embedder WordPress plugin was affected by a pdf.php file Parameter Arbitrary File Disclosure security vulnerability...
Sahifa 2.4.0 - Multiple Full Path Disclosure
The sahifa WordPress theme was affected by a Multiple Full Path Disclosure security vulnerability...
Subscribe To Comments Reloaded 140204 - options/index.php manager_page Parameter Stored XSS Weakness
The Subscribe To Comments Reloaded WordPress plugin was affected by an options/index.php managerpage Parameter Stored XSS Weakness security vulnerability...
wpStoreCart 2.5.27-2.5.29 - Arbitrary File Upload
The wpstorecart WordPress plugin was affected by an Arbitrary File Upload security vulnerability...
R&om Banner 1.1.2.1 - Cross-Site Scripting (XSS)
The Random Banner WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
Ooorl <= 1.0.0 - XSS
Plugin is still affected and has been closed...
Nextend Facebook Connect <= 1.4.59 - Cross-Site Scripting (XSS)
The Nextend Social Login and Register WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
OptimizePress Theme < 1.6 - Unauthenticated Arbitrary File Upload
The OptimizePress premium WordPress theme was vulnerable to Unauthenticated Arbitrary File Upload, which could allow unauthenticated attackers to compromise a WordPress site. This vulnerability has been seen exploited in the wild. PoC The affected file was:...
Events Manager < 5.5 - Cross-Site Scripting (XSS)
The Events Manager WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
WordPress 3.5.1 - Multiple Cross-Site Scripting (XSS)
...
BackWPup <= 3.0.12 - Authenticated Cross-Site Scripting (XSS)
The BackWPup – WordPress Backup Plugin WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...
Backupbuddy - importbuddy.php Direct Request Remote Backup File Disclosure
The backupbuddy WordPress plugin was affected by an importbuddy.php Direct Request Remote Backup File Disclosure security vulnerability...
Member Private Conversation < 1.4 - Unrestricted File Upload
The Nmedia WordPress Member Conversation WordPress plugin was affected by an Unrestricted File Upload security vulnerability...
Events Manager < 5.1.7 - Cross-Site Scripting (XSS)
The Events Manager WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
AllWebMenus 1.1.3 - Remote File Inclusion
The AllWebMenus WordPress Menu Plugin WordPress plugin was affected by a Remote File Inclusion security vulnerability...
Google Analyticator < 5.2.1 - XSS
The Google Analyticator WordPress plugin was affected by a XSS security vulnerability...
PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip < 2.3.42 - Reflected Cross-Site Scripting
Description The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pdfsource' parameter in all versions up to, and including, 2.3.32 due to insufficient input sanitization and output escaping. This makes it...
Master Slider – Responsive Touch Slider <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode
Description The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mslayer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'cssid' user supplied...
Tickera < 3.5.2.9 - Missing Authorization to Authenticated (Susbcriber+) Ticket Deletion
Description The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tcdldeletetickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with...
PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via render
Description The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...