14602 matches found
WordPress <= 4.2.3 - Legacy Theme Preview Cross-Site Scripting (XSS)
...
CP Contact Form with Paypal <= 1.1.5 - Multiple Vulnerabilities
The CP Contact Form with PayPal WordPress plugin was affected by a Multiple Vulnerabilities security vulnerability...
Yet Another Stars Rating <= 0.9.0 - Authenticated Blind SQL Injection
The Yasr – Yet Another Stars Rating WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...
ACF Frontend Display <= 2.0.6 - Arbitrary File Upload
The last time it was checked the plugin was still affected and had been closed...
WordPress File Upload <= 2.7.6 - Multiple Vulnerabilities
The plugin allows upload of file extensions that may lead to code execution, such as php4 or php5. Additionally, it allows an admin user to rename files and thus change the extension of uploaded files, leading to code execution. There is no CSRF protection for this. The plugin also allows for the...
WordPress Landing Pages <= 1.8.7 - Unspecified Cross-Site Scripting (XSS)
The WordPress Landing Pages WordPress plugin was affected by an Unspecified Cross-Site Scripting XSS security vulnerability...
WP ViperGB < 1.3.16 - XSS
The WP-ViperGB WordPress plugin was affected by a XSS security vulnerability...
Events Manager < 5.5.7.1 - DOM Cross-Site Scripting (XSS)
The Events Manager WordPress plugin was affected by a DOM Cross-Site Scripting XSS security vulnerability...
WordPress Landing Pages <= 1.8.4 - XSS & SQL Injection
The WordPress Landing Pages WordPress plugin was affected by a XSS & SQL Injection security vulnerability...
WP Photo Album Plus <= 6.1.2 - Stored Cross-Site Scripting (XSS)
The WP Photo Album Plus WordPress plugin was affected by a Stored Cross-Site Scripting XSS security vulnerability...
eShop <= 6.3.11 - Remote Code Execution
The eshop WordPress plugin was affected by a Remote Code Execution security vulnerability...
Related Posts < 1.8.2 - XSS
The related-posts WordPress plugin was affected by a XSS security vulnerability...
Contact Form Plugin < 3.96 - XSS
The Contact Form by BestWebSoft WordPress plugin was affected by a XSS security vulnerability...
WP Business Intelligence Lite < 1.6.3 - SQL Injection
...
AB Google Map Travel (AB-MAP) <= 3.4 - CSRF/Stored XSS
The AB Google Map Travel AB-MAP WordPress plugin was affected by a CSRF/Stored XSS security vulnerability...
Photocrati Theme 4.x.x - SQL Injection
PoC http://www.example.com/wp-content/themes/photocrati-theme-path/ecomm-sizes.php?prodid=SQL...
Frontend Uploader <= 0.9.2 - Unauthenticated Cross-Site Scripting (XSS)
The Frontend Uploader WordPress plugin was affected by an Unauthenticated Cross-Site Scripting XSS security vulnerability. PoC http://localhost:8080/?pageid=0&fu-disallowed-mime-type0name=%3CSCRIPT%20SRC=http://ha.ckers.org/xss.js?%3C%20B%20%3E...
Simplelife <= 1.2 - Multiple CSRF
Plugin is still affected and has been closed...
Tweetscribe <= 1.1 - Multiple CSRF
Plugin is still affected and has been closed...
Bird Feeder <= 1.2.3 - CSRF & XSS
The bird-feeder WordPress plugin was affected by a CSRF & XSS security vulnerability...
WP Popup <= 1.3 - XSS & CSRF
It is unclear if the issues have been fixed. Plugin has been closed...
Paid Memberships Pro 1.7.14.2 - Path Traversal
The Paid Memberships Pro WordPress plugin was affected by a Path Traversal security vulnerability...
VN-Calendar <= 1.0 - Multiple Cross-Site Scripting (XSS)
The vn-calendar WordPress plugin was affected by a Multiple Cross-Site Scripting XSS security vulnerability...
Gr& Flagallery <= 4.24 - Full Path Disclosure
The Album and Image Gallery with Lightbox – Flagallery Photo Portfolio WordPress plugin was affected by a Full Path Disclosure security vulnerability...
Cforms < 10.5 - XSS
The cforms WordPress plugin was affected by a XSS security vulnerability...
Wordfence <= 5.2.4 - Multiple Vulnerabilities (XSS & Bypasses)
The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by a Multiple Vulnerabilities XSS & Bypasses security vulnerability...
Photo Gallery 1.1.30 - Cross Site Scripting
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by a Cross Site Scripting security vulnerability...
SI CAPTCHA 2.7.4 - Cross-Site Scripting (XSS)
The si-captcha-for-wordpress WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
DZS Video Gallery Plugin - RCE & More
The dzs-videogallery WordPress plugin was affected by a RCE & More security vulnerability...
WP-Ban < 1.64 BlackList Bypass
The WP-Ban WordPress plugin was affected by security vulnerability...
WooCommerce <= 2.2.2 - Reflected Cross-Site Scripting (XSS)
The WooCommerce WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...
Toolbox 1.4 - flyer.php mls Parameter SQL Injection
The toolbox WordPress theme was affected by a flyer.php mls Parameter SQL Injection security vulnerability...
Pinboard 1.0.6 - includes/theme-options.php tab Parameter XSS
The Pinboard WordPress theme was affected by an includes/theme-options.php tab Parameter XSS security vulnerability...
Cross RSS 1.7 - proxy.php rss Parameter Local File Inclusion
The cross-rss WordPress plugin was affected by a proxy.php rss Parameter Local File Inclusion security vulnerability...
wp-football 1.1 - Multiple Cross-Site Scripting (XSS)
The wp-football WordPress plugin was affected by a Multiple Cross-Site Scripting XSS security vulnerability...
Easy Banners 1.4 - Cross-Site Scripting (XSS)
The easy-banners WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
Quick Page Post Redirect 5.0.4 - redirect-updates.php quickppr_redirects Parameter Stored XSS
The Quick Page/Post Redirect Plugin WordPress plugin was affected by a redirect-updates.php quickpprredirects Parameter Stored XSS security vulnerability...
HK Exif Tags 1.11 - hk_exif_tags.php hk_exif_tags_images_process Function EXIF Tags H&ling Stored XSS
The HK Exif Tags WordPress plugin was affected by a hkexiftags.php hkexiftagsimagesprocess Function EXIF Tags H Stored XSS security vulnerability...
April's Super Functions Pack 1.4.7 - readme.php page Parameter Reflected XSS
The aprils-super-functions-pack WordPress plugin was affected by a readme.php page Parameter Reflected XSS security vulnerability...
Redirection - view/admin/log_item.php Non-existent Posts Referer HTTP Header XSS
The Redirection WordPress plugin was affected by a view/admin/logitem.php Non-existent Posts Referer HTTP Header XSS security vulnerability...
Bradesco - falha.php URI Reflected XSS
The bradesco-gateway WordPress plugin was affected by a falha.php URI Reflected XSS security vulnerability...
qTranslate 2.5.34 - Setting Manipulation CSRF
The qtranslate WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...
Under Construction 1.08 - Setting Manipulation CSRF
The underConstruction WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...
AntiVirus 1.0 - PHP Backdoor Detection Bypass
The AntiVirus WordPress plugin was affected by a PHP Backdoor Detection Bypass security vulnerability...
Social Media Widget 4.0 - social-widget.php MITM Weakness Arbitrary Code Injection
The Social Media Widget WordPress plugin was affected by a social-widget.php MITM Weakness Arbitrary Code Injection security vulnerability...
mobileview <= 1.0.7 - XSS in ZeroClipboard
The mobileview WordPress plugin was affected by a XSS in ZeroClipboard security vulnerability...
Vitamin 1.0 - minify.php path Parameter Traversal Arbitrary File Access
The vitamin WordPress plugin was affected by a minify.php path Parameter Traversal Arbitrary File Access security vulnerability...
WooCommerce 2.0.12 - index.php calc_shipping_state Parameter XSS
The WooCommerce WordPress plugin was affected by an index.php calcshippingstate Parameter XSS security vulnerability...
LeagueManager 3.8 - SQL Injection
The LeagueManager WordPress plugin was affected by a SQL Injection security vulnerability...
RokBox <= 2.13 - error_log Direct Request Error Log Information Disclosure
The wprokbox WordPress plugin was affected by an errorlog Direct Request Error Log Information Disclosure security vulnerability...