Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.20 views

MStore API < 4.10.2 - Cross-Site Request Forgery

Description The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 4.10.2 exclusive. This is due to missing or incorrect nonce validation in the templates/admin/mstore-api-admin-dashboard.php file. This makes it possible for unauthenticated attackers...

8.8CVSS6.4AI score0.00221EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.14 views

Happy Addons for Elementor (Free < 3.10.0, Pro < 2.10.0) - Reflected Cross-Site Scripting

Description The plugins are vulnerable to Reflected Cross-Site Scripting via DOM due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into...

6.1CVSS6.5AI score0.00544EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.17 views

WP Optin Wheel < 1.4.3 - Sensitive Information Exposure via Log File

Description The WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the plugin's debug log file. This makes it possible for unauthenticated attackers...

7.5CVSS6.9AI score0.0048EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.33 views

Ultimate Addons for WPBakery < 3.19.18 - Cross-Site Request Forgery

Description The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.19.17. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform...

8.8CVSS6.8AI score0.00222EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.16 views

Affiliates Manager < 2.9.31 - Sensitive Information Exposure via Log File

Description The Affiliates Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.30 via the plugin's log files. This makes it possible for unauthenticated attackers to extract sensitive data including plugin configuration and debug...

5.3CVSS6.9AI score0.00444EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.19 views

FastDup < 2.1.8 - Sensitive Information Exposure via Log File

Description The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.7 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data including...

7.5CVSS6.9AI score0.0048EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.17 views

Custom Post Carousels with Owl < 1.4.7 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The Custom Post Carousels with Owl plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and...

6.5CVSS5.9AI score0.00328EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.16 views

Login as User or Customer (User Switching) <= 3.8 - Authentication Bypass

Description The Login as User or Customer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.8. This makes it possible for unauthenticated attackers to login as another user and escalate their privileges...

7.6AI score0.00703EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.11 views

White Label < 2.9.1 - Cross-Site Request Forgery via white_label_reset_wl_admins

Description The White Label plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.0. This is due to missing or incorrect nonce validation on the whitelabelresetwladmins function. This makes it possible for unauthenticated attackers to reset plugin...

8.8CVSS6.6AI score0.00223EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.10 views

Restaurant Reservations < 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Restaurant Reservations plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, ...

6.5CVSS5.9AI score0.00328EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.17 views

Rencontre – Dating Site < 3.11 - Privilege Escalation

Description The Rencontre plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.10.1. This is due to an unknown issue. This makes it possible for unauthenticated attackers to gain elevated privileges...

9.8CVSS7.6AI score0.00583EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.16 views

Active Products Tables for WooCommerce < 1.0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output...

6.5CVSS5.8AI score0.0031EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.19 views

Events Shortcodes & Templates For The Events Calendar < 2.3.2 - Authenticated (Contributor+) SQL Injection via shortcode

Description The Events Shortcodes & Templates For The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 2.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...

8.8CVSS7.5AI score0.00544EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.15 views

WPC Product Bundles for WooCommerce < 7.3.2 - Cross-Site Request Forgery

Description The WPC Product Bundles for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.3.1. This is due to missing or incorrect nonce validation on several functions in /includes/class-woosb.php. This makes it possible for...

8.8CVSS6.7AI score0.00227EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.25 views

GEO my WordPress < 4.0.3 - Authenticated(Administrator+) SQL Injection

Description The GEO my WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to 4.0.3 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers,...

7.6CVSS7.4AI score0.00546EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.19 views

WP Frontend Profile < 1.3.2 - Unauthenticated Privilege Escalation

Description The plugin is vulnerable to privilege, allowing unauthenticated attackers to take over arbitrary accounts on the site...

9.5AI score0.00538EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.15 views

Clockwork SMS Notfications <= 3.0.4 - Authenticated(Administrator+) SQL Injection

Description The Clockwork SMS Notfications plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 3.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...

7.6CVSS7.5AI score0.00529EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.20 views

Impreza < 8.18 - Reflected Cross-Site Scripting

Description The Impreza – WordPress Website and WooCommerce Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 8.17.4 due to insufficient input sanitization and output escaping. This makes it possible for...

7.1CVSS6.5AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.12 views

WP Tabs < 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WP Tabs – Responsive Tabs Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

6.5CVSS5.7AI score0.00303EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.26 views

Beaver Builder < 2.7.2.1 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings available to Contributor and above roles, which could allow them to perform Stored Cross-Site Scripting attacks...

6.5CVSS6AI score0.00321EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.21 views

Simply Schedule Appointments < 1.6.6.1 - Authenticated(Administrator+) SQL Injection

Description The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 1.6.6.1 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.6CVSS7.5AI score0.00534EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.18 views

WebinarIgnition < 3.05.1 - Unauthenticated SQL Injection

Description The Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 3.05.0 due to insufficient escaping on the user supplied...

9.8CVSS9.7AI score0.00566EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.12 views

WPCS – WordPress Currency Switcher Professional < 1.2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.5CVSS5.9AI score0.00275EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.15 views

HUSKY < 1.3.4.4 - Multiple Connections/Stats CSRF

Description The plugin does not have CSRF checks in various functions, which could allow attackers to make logged in admins perform unwanted actions related to connections and stats features via CSRF attacks...

8.8CVSS7.1AI score0.00227EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.24 views

Easy Digital Downloads < 3.2.6 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

6.5CVSS6.1AI score0.00328EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.18 views

SlickNav Mobile Menu < 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The SlickNav Mobile Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.9AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.14 views

WP Review Slider < 12.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The WP Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 12.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9CVSS5.9AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.22 views

Checkout Mestres WP < 7.1.9.8 - Authentication Bypass via Password Reset

Description The plugin is vulnerable to authentication bypass due to a weak password reset functionality, allowing unauthenticated attackers to reset the password of arbitrary users to a guessable value based on the current time...

9.8CVSS9.8AI score0.00657EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.27 views

404 Solution < 2.33.1 - Sensitive Information Exposure via Log File

Description The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.33.0 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data including plugin configuration and debug data...

5.3CVSS5.5AI score0.00435EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.15 views

WP STAGING WordPress Backup Plugin – Migration Backup Restore < 3.2.0 - Unauthorized Sensitive Data Exposure

Description The plugin allows access to cache files during the cloning process which provides unauthorized access to sensitive data PoC 1 When an admin creates a staging site, an attacker can capture a .cache file which reveals sensitive information including: DBname, DBtables, DBcolumns. 2 These...

7.5CVSS6.1AI score0.00644EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.18 views

BookIt < 2.4.4 - Authenticated(Administrator+) SQL Injection

Description The Booking Calendar | Appointment Booking | BookIt plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 2.4.4 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

7.6CVSS7.5AI score0.0053EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.30 views

Brave Popup Builder < 0.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping...

5.9CVSS5.9AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.16 views

Send Users Email < 1.4.4 - Sensitive Information Exposure via Error Logs

Description The Send Users Email plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.3 via the plugin's error logs. This makes it possible for unauthenticated attackers to extract sensitive data about the plugin and site configuration...

5.3CVSS6.8AI score0.00435EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.15 views

Stock Ticker < 3.23.5 - Authenticated (Contributor+) Stored Cross-Site Scritping

Description The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.23.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.5CVSS5.9AI score0.00328EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.13 views

Build App Online <= 1.0.19 - Unauthenticated Account Takeover via Weak Password Reset Mechanism

Description The plugin is vulnerable to account takeover due to a weak password reset mechanism, allowing unauthenticated attackers to reset the password of arbitrary users by guessing an 8-digit numeric reset code...

7.4AI score0.00697EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.14 views

Fluent Support < 1.7.7 - Authenticated(Administrator+) SQL Injection

Description The Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 1.7.7 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...

7.6CVSS7.5AI score0.00534EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.16 views

Checkout Mestres WP < 7.1.9.8 - Missing Authorization to Unauthenticated Arbitrary Options Update

Description The Checkout Mestres WP plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.1.9.6. This makes it possible for unauthenticated attackers to update arbitrary site options...

8.2CVSS9.3AI score0.00563EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.22 views

NEX-Forms – Ultimate Form Builder < 8.5.5 - Cross-Site Request Forgery

Description The NEX-Forms – Ultimate Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an...

8.8CVSS6.6AI score0.00221EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.18 views

Product Catalog Simple < 1.7.7 - Sensitive Information Exposure via Product CSV

Description The Product Catalog Simple plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to 1.7.7 exclusive via Import and Export Product CSV files. This makes it possible for unauthenticated attackers access and above, to extract sensitive data including ful...

7.5CVSS6.9AI score0.0048EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.10 views

Profile Builder < 3.10.8 - Contributor+ User Metadata Disclosure

Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the wppbtoolboxusermetahandler function allowing authenticated attackers, with contributor-level access and above, to expose sensitive information within user metadata...

4.3CVSS6.2AI score0.00349EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.17 views

Image Source Control < 2.17.1 - Sensitive Information Exposure via Log File

Description The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.0 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data...

7.5CVSS6.9AI score0.00481EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.16 views

Rise Blocks – A Complete Gutenberg Page Builder < 3.2 - Cross-Site Request Forgery

Description The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated...

8.8CVSS6.7AI score0.00216EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.30 views

E2Pdf < 1.20.24 - Authenticated(Administrator+) SQL Injection

Description The E2Pdf – Export To Pdf Tool for WordPress plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 1.20.24 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

7.6CVSS7.4AI score0.00534EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.15 views

Simple Job Board < 2.10.7 - Cross-Site Request Forgery

Description The Simple Job Board plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.6. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown...

8.8CVSS6.8AI score0.00223EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.28 views

Simple Job Board < 2.10.6 - Missing Authorization

Description The Simple Job Board plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.10.5. This makes it possible for unauthenticated attackers to perform an unauthorized action...

7AI score0.00436EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.12 views

CBX Bookmark & Favorite < 1.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The CBX Bookmark & Favorite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and abov...

6.5CVSS5.9AI score0.00349EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.24 views

ARI Stream Quiz < 1.3.1 - Authenticated (Contributor+) PHP Object Injection

Description The ARI Stream Quiz – WordPress Quizzes Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with contributor access or higher to injec...

9.9CVSS7.4AI score0.00627EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.17 views

Advanced Form Integration < 1.76.0 - Authenticated(Administrator+) SQL Injection

Description The Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 1.76.0 exclusive due to insufficient escaping on the user supplied parameter a...

7.6CVSS7.5AI score0.00546EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.14 views

Funnel Builder for WordPress by FunnelKit < 2.14.4 - Authenticated(Administrator+) SQL Injection

Description The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits plugin for WordPress is vulnerable to SQL Injection in all versions up to 2.14.4 exclusive due to insufficient escaping on the user supplied parameter and lack...

7.6CVSS7.5AI score0.00541EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.11 views

Database Cleaner < 0.9.9 - Sensitive Information Exposure via Log File

Description The Database Cleaner: Clean, Optimize & Repair plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.9.8 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data including system an...

7.5CVSS6.9AI score0.0048EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14602