CVE-2007-0106
Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 all
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after esc
wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or no
wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input dat
Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin
WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p p
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote atta
Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and po
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote a
WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty va
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers
Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in th
Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.ph
Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.
Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math
Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in th
Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and
Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for W
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allo
Pretty-Link WordPress plugin 1.5.2 has XSS
Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for Wor
Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact
Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead Polls plugin before 2.0.4 for Wo
Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmash plugin 1.0.1 for WordPress a
Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for Wo
Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, wh
The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockou
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier f
wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allows remote attackers to obtain
Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordP
Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Fi
Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress all
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for Word
Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0
Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video
Cross-site scripting (XSS) vulnerability in includes/refreshDate.php in the Joomlaskin JS Multi Hote
Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPre
Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5
Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for Wo
SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administr
flog plugin 0.1 for WordPress has XSS
Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress al
The ultimate-weather plugin 1.0 for WordPress has XSS
Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 f
Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0
SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for Word
Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows
Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows
Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before
Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 fo
Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for Wo
Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanc
Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-faceboo
Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugi
The 'Social Pug - Easy Social Share Buttons' plugin before 1.2.6 for WordPress allows XSS via the wp
Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote a
The TablePress plugin 1.9.2 for WordPress allows tablepress CSV injection by Editor users. Note: The
The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers t
The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCr
A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authent
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticat
The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name='timestamp' fields in
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uplo
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the e
The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforc
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenti
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF a
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenti
The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the 'orderb
The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape some of
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_a
The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing subm
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery para
The 'WP Search Filters' widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7
The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before output
The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming
The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parame
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab
The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notic
The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_delet
The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_creat
The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise
The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache d
The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache dire
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape
The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escap
The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter b
The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text par
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress
The Booking Calendar WordPress plugin before 8.9.2 does not sanitise and escape the booking_type par
The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter b
The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Sc
The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to incl
The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to
The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include(
The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and us
The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages.
WordPress is a free and open-source content management system written in PHP and paired with a Maria
WordPress is a free and open-source content management system written in PHP and paired with a Maria
WordPress is a free and open-source content management system written in PHP and paired with a Maria
WordPress is a free and open-source content management system written in PHP and paired with a Maria
The Build App Online WordPress plugin before 1.0.19 does not properly sanitise and escape some param
The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise a
The iubenda WordPress plugin before 3.3.3 does not have authorisation and CSRF in an AJAX actio
The Team Members WordPress plugin before 5.2.1 does not sanitize and escape some of its settings, w
The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's
The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before us
The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's export
The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parame
The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parame
The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input agai
The Superio WordPress theme does not sanitise and escape some parameters, which could allow users wi
The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to
The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filte
The WP Social Sharing WordPress plugin through 2.2 does not sanitise and escape some of its settings
The Login with Cognito WordPress plugin through 1.4.8 does not sanitise and escape some of its setti
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to
The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in
The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some
The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which c
The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter b
The Wholesale Market WordPress plugin before 2.2.1 does not have authorisation check, as well as doe
The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, w
The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file
The Product list Widget for Woocommerce WordPress plugin through 1.0 does not sanitise and escape a
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (ID
The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter b
The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter b
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame
The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode att
The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not sanitize and escape a paramete
The multimedial images WordPress plugin through 1.0b does not properly sanitize and escape a paramet
The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter bef
The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter bef
The Quote-O-Matic WordPress plugin through 1.0.5 does not properly sanitize and escape a parameter b
The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode att
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly blo
The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_logi
The 'Survey Maker – Best WordPress Survey Plugin' plugin for WordPress is vulnerable to Stored Cross