Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2014/11/25 5:23 p.m.21 views

Google Document Embedder <= 2.5.14 - SQL Injection

The Google Doc Embedder WordPress plugin was affected by a SQL Injection security vulnerability...

7.5CVSS7.3AI score0.05176EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/11/15 12:0 a.m.21 views

WP Support Plus Responsive Ticket System < 4.2 - Multiple Issues

The WP Support Plus Responsive Ticket System WordPress plugin was affected by a Multiple Issues security vulnerability...

7.5CVSS2.1AI score0.02503EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/11/10 12:0 a.m.21 views

Another WordPress Classifieds Plugin < 3.0 - SQLi & XSS

The WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds WordPress plugin was affected by a SQLi & XSS security vulnerability...

7.5CVSS2.5AI score0.04737EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/11/05 12:0 a.m.21 views

BulletProof Security <= .51 - Multiple Vulnerabilities (XSS & SSRF)

The BulletProof Security WordPress plugin was affected by a Multiple Vulnerabilities XSS & SSRF security vulnerability...

6.5CVSS1.8AI score0.02508EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/24 8:8 a.m.21 views

All Video Gallery 1.2 - SQL Injection

The all-video-gallery WordPress plugin was affected by a SQL Injection security vulnerability...

6.5CVSS2.9AI score0.01585EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/21 12:33 p.m.21 views

Login Widget With Shortcode 3.1.1 - CSRF/XSS

The Login Widget With Shortcode WordPress plugin was affected by a CSRF/XSS security vulnerability...

4.3CVSS1.9AI score0.04155EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/19 12:12 p.m.21 views

Compfight < 1.5 Cross-Site Scripting (XSS)

The compfight WordPress plugin was affected by security vulnerability...

3.5CVSS1.3AI score0.01551EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/18 8:33 p.m.21 views

All Video Gallery 1.1 - config.php Multiple Parameter SQL Injection

The all-video-gallery WordPress plugin was affected by a config.php Multiple Parameter SQL Injection security vulnerability...

7.5CVSS2.7AI score0.06675EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/17 12:0 a.m.21 views

WP Content Source Control <= 3.0.0 - Path Traversal

The WP Source Control WordPress plugin was affected by a Path Traversal security vulnerability...

5CVSS3.3AI score0.18817EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/16 6:6 p.m.21 views

WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing

...

6.8CVSS2AI score0.0185EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.21 views

Classic 1.5 - PHP_SELF XSS

The Classic WordPress theme was affected by a PHPSELF XSS security vulnerability...

4.3CVSS1.6AI score0.01923EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.21 views

scarlet <= 1.1.3 - XSS in ZeroClipboard.swf

The scarlet WordPress theme was affected by a XSS in ZeroClipboard.swf security vulnerability...

1.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.21 views

Member Approval 131109 - wp-admin/options-general.php Option Manipulation CSRF

The member-approval WordPress plugin was affected by a wp-admin/options-general.php Option Manipulation CSRF security vulnerability...

6.8CVSS2.3AI score0.01024EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.21 views

Yahoo Updates < 1.0 - XSS vulnerabilities in yupdates_application.php

The yahoo-updates-for-wordpress WordPress plugin was affected by a XSS vulnerabilities in yupdatesapplication.php security vulnerability...

4.3CVSS1.9AI score0.01618EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.21 views

JW Player 2.1.2 - wp-admin/admin.php Player Deletion CSRF

The jw-player-plugin-for-wordpress WordPress plugin was affected by a wp-admin/admin.php Player Deletion CSRF security vulnerability...

6.8CVSS2.3AI score0.02857EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.21 views

Twitget 3.3.1 - twitget.php Twitter Setting Manipulation CSRF

The Twitget WordPress plugin was affected by a twitget.php Twitter Setting Manipulation CSRF security vulnerability...

6.8CVSS2.1AI score0.03285EPSS
Exploits6References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.21 views

Connections <= 0.7.1.5 - Unspecified Security

The Connections Business Directory WordPress plugin was affected by an Unspecified Security security vulnerability...

10CVSS2.2AI score0.02607EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.21 views

Comment Attachment 1.0 - XSS

The Comment Attachment WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.5AI score0.02041EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.21 views

Xorbin Digital Flash Clock 1.0 - Flash-based XSS

The xorbin-digital-flash-clock WordPress plugin was affected by a Flash-based XSS security vulnerability...

4.3CVSS2.5AI score0.01251EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.21 views

Digg Digg 5.3.4 - Setting Manipulation CSRF

The digg-digg WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...

6.8CVSS2.1AI score0.0107EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.21 views

Related Posts 2.7.1 - Cross-Site Request Forgery

The related-posts WordPress plugin was affected by a Cross-Site Request Forgery security vulnerability...

6.8CVSS2.7AI score0.0107EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.21 views

wp-cleanfix - Remote Comm& Execution, CSRF & XSS

The WP CleanFix WordPress plugin was affected by a Remote Comm& Execution, CSRF & XSS security vulnerability...

6.8CVSS2.8AI score0.02192EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.21 views

WP Clone by WP Academy <= 2.1.1 - XSS in ZeroClipboard

The Clone WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...

4.3CVSS1.7AI score0.06316EPSS
Exploits4References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.21 views

buckets <= 0.1.9.2 - XSS in ZeroClipboard

The Buckets WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...

4.3CVSS2.2AI score0.06316EPSS
Exploits4References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.21 views

coupon-code-plugin <= 2.1 - XSS in ZeroClipboard

The coupon-code-plugin WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...

4.3CVSS1.8AI score0.06316EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.21 views

WP-PostViews 1.62 - Setting Manipulation CSRF

The WP-PostViews WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...

6.8CVSS2.4AI score0.01094EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.21 views

Events Manager 5.3.3 - Multiple Cross-Site Scripting (XSS)

The Events Manager WordPress plugin was affected by a Multiple Cross-Site Scripting XSS security vulnerability...

4.3CVSS2AI score0.02058EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.21 views

Portable phpMyAdmin 1.4.1 - Multiple Script Direct Request Authentication Bypass

The portable-phpmyadmin WordPress plugin was affected by a Multiple Script Direct Request Authentication Bypass security vulnerability...

6.4CVSS2.1AI score0.02812EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.21 views

RBX Gallery 2.1 - uploader.php File Upload PHP Code Execution

The rbxgallery WordPress plugin was affected by an uploader.php File Upload PHP Code Execution security vulnerability...

10CVSS2.9AI score0.15828EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.21 views

VideoWhisper Live Streaming Integration <= 4.25.3 - Cross-Site Scripting (XSS)

The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.3AI score0.02044EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.21 views

Google Document Embedder 2.4.6 - pdf.php file Parameter Arbitrary File Disclosure

The Google Doc Embedder WordPress plugin was affected by a pdf.php file Parameter Arbitrary File Disclosure security vulnerability...

5CVSS6.3AI score0.50017EPSS
Exploits4References4Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 12:0 a.m.21 views

Sahifa 2.4.0 - Multiple Full Path Disclosure

The sahifa WordPress theme was affected by a Multiple Full Path Disclosure security vulnerability...

1.5AI score
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 12:0 a.m.21 views

Subscribe To Comments Reloaded 140204 - options/index.php manager_page Parameter Stored XSS Weakness

The Subscribe To Comments Reloaded WordPress plugin was affected by an options/index.php managerpage Parameter Stored XSS Weakness security vulnerability...

6.8CVSS1.7AI score0.00944EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 12:0 a.m.21 views

wpStoreCart 2.5.27-2.5.29 - Arbitrary File Upload

The wpstorecart WordPress plugin was affected by an Arbitrary File Upload security vulnerability...

10CVSS2.7AI score0.18425EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/06/29 12:0 a.m.21 views

R&om Banner 1.1.2.1 - Cross-Site Scripting (XSS)

The Random Banner WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.6AI score0.01618EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/04/25 12:0 a.m.21 views

Ooorl <= 1.0.0 - XSS

Plugin is still affected and has been closed...

4.3CVSS2.4AI score0.01629EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/02/12 12:0 a.m.21 views

Nextend Facebook Connect <= 1.4.59 - Cross-Site Scripting (XSS)

The Nextend Social Login and Register WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS2AI score0.0377EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2013/11/29 12:0 a.m.21 views

OptimizePress Theme < 1.6 - Unauthenticated Arbitrary File Upload

The OptimizePress premium WordPress theme was vulnerable to Unauthenticated Arbitrary File Upload, which could allow unauthenticated attackers to compromise a WordPress site. This vulnerability has been seen exploited in the wild. PoC The affected file was:...

6.8CVSS3.5AI score0.14802EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2013/08/14 12:0 a.m.21 views

Events Manager < 5.5 - Cross-Site Scripting (XSS)

The Events Manager WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS2AI score0.00913EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2013/06/21 12:0 a.m.21 views

WordPress 3.5.1 - Multiple Cross-Site Scripting (XSS)

...

4.3CVSS1.3AI score0.02114EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2013/06/19 12:0 a.m.21 views

BackWPup <= 3.0.12 - Authenticated Cross-Site Scripting (XSS)

The BackWPup – WordPress Backup Plugin WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...

4.3CVSS2.4AI score0.02058EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2013/03/24 12:0 a.m.21 views

Backupbuddy - importbuddy.php Direct Request Remote Backup File Disclosure

The backupbuddy WordPress plugin was affected by an importbuddy.php Direct Request Remote Backup File Disclosure security vulnerability...

7.5CVSS1.6AI score0.02563EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2012/06/05 12:0 a.m.21 views

Member Private Conversation < 1.4 - Unrestricted File Upload

The Nmedia WordPress Member Conversation WordPress plugin was affected by an Unrestricted File Upload security vulnerability...

7.5CVSS3.9AI score0.12962EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2012/05/22 12:0 a.m.21 views

Events Manager < 5.1.7 - Cross-Site Scripting (XSS)

The Events Manager WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS2AI score0.00913EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2011/09/19 12:0 a.m.21 views

AllWebMenus 1.1.3 - Remote File Inclusion

The AllWebMenus WordPress Menu Plugin WordPress plugin was affected by a Remote File Inclusion security vulnerability...

7.5CVSS3AI score0.10322EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2009/07/29 12:0 a.m.21 views

Google Analyticator < 5.2.1 - XSS

The Google Analyticator WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.3AI score0.00923EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2024/10/23 12:0 a.m.20 views

PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip < 2.3.42 - Reflected Cross-Site Scripting

Description The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pdfsource' parameter in all versions up to, and including, 2.3.32 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS6.5AI score0.00421EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/17 12:0 a.m.20 views

Master Slider – Responsive Touch Slider <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode

Description The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mslayer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'cssid' user supplied...

7.1CVSS5.7AI score0.00327EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/17 12:0 a.m.20 views

Tickera < 3.5.2.9 - Missing Authorization to Authenticated (Susbcriber+) Ticket Deletion

Description The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tcdldeletetickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with...

4.3CVSS6.7AI score0.0028EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/17 12:0 a.m.20 views

PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via render

Description The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00329EPSS
Exploits0References1
Total number of security vulnerabilities5000