Skip to main content

152 docs tagged with "WordPress"

View all tags

CVE-2007-0106

Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 all

CVE-2007-0107

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after esc

CVE-2007-0109

wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or no

CVE-2007-0233

wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input dat

CVE-2007-6677

Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin

CVE-2008-0191

WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p p

CVE-2008-0192

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote atta

CVE-2008-0193

Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and po

CVE-2008-0194

Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote a

CVE-2008-0195

WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty va

CVE-2008-0196

Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers

CVE-2008-0197

Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in th

CVE-2008-0198

Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.ph

CVE-2008-0203

Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.

CVE-2008-0204

Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math

CVE-2008-0205

Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in th

CVE-2008-0206

Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and

CVE-2008-0222

Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for W

CVE-2010-4536

Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allo

CVE-2011-5051

Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for Wor

CVE-2011-5254

Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact

CVE-2011-5304

Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead Polls plugin before 2.0.4 for Wo

CVE-2011-5307

Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmash plugin 1.0.1 for WordPress a

CVE-2011-5308

Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for Wo

CVE-2012-0287

Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, wh

CVE-2012-10001

The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockou

CVE-2012-6499

Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier f

CVE-2013-0721

wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allows remote attackers to obtain

CVE-2013-6991

Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordP

CVE-2013-6992

Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Fi

CVE-2013-6993

Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress all

CVE-2013-7240

Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for Word

CVE-2013-7276

Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0

CVE-2013-7279

Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video

CVE-2013-7419

Cross-site scripting (XSS) vulnerability in includes/refreshDate.php in the Joomlaskin JS Multi Hote

CVE-2014-1232

Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPre

CVE-2014-2598

Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5

CVE-2014-2838

Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for Wo

CVE-2014-2839

SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administr

CVE-2014-4553

Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress al

CVE-2014-4561

The ultimate-weather plugin 1.0 for WordPress has XSS

CVE-2014-9437

Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 f

CVE-2014-9441

Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0

CVE-2014-9442

SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for Word

CVE-2014-9443

Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows

CVE-2014-9444

Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows

CVE-2014-9453

Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor

CVE-2014-9454

Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before

CVE-2014-9460

Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 fo

CVE-2014-9461

Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for Wo

CVE-2014-9523

Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanc

CVE-2014-9524

Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-faceboo

CVE-2014-9525

Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugi

CVE-2016-10736

The 'Social Pug - Easy Social Share Buttons' plugin before 1.2.6 for WordPress allows XSS via the wp

CVE-2018-16206

Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote a

CVE-2019-20180

The TablePress plugin 1.9.2 for WordPress allows tablepress CSV injection by Editor users. Note: The

CVE-2019-20203

The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers t

CVE-2019-20204

The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCr

CVE-2019-20360

A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authent

CVE-2019-20361

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed

CVE-2020-36157

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticat

CVE-2020-36170

The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name='timestamp' fields in

CVE-2020-36171

The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uplo

CVE-2020-36172

The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in

CVE-2020-36173

The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.

CVE-2020-36174

The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.

CVE-2020-36175

The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the e

CVE-2020-36176

The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforc

CVE-2020-6166

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenti

CVE-2020-6167

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF a

CVE-2020-6168

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenti

CVE-2021-24680

The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip

CVE-2021-24786

The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the 'orderb

CVE-2021-24828

The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape the some of

CVE-2021-24831

All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and

CVE-2021-24862

The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_a

CVE-2021-24893

The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing subm

CVE-2021-24948

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery para

CVE-2021-24949

The 'WP Search Filters' widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7

CVE-2021-24963

The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before output

CVE-2021-24964

The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming

CVE-2021-24973

The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parame

CVE-2021-24991

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab

CVE-2021-24999

The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notic

CVE-2021-25000

The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_delet

CVE-2021-25001

The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_creat

CVE-2021-25016

The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise

CVE-2021-25020

The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache d

CVE-2021-25021

The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache dire

CVE-2021-25022

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape

CVE-2021-25023

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escap

CVE-2021-25027

The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter b

CVE-2021-25030

The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text par

CVE-2021-25032

The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress

CVE-2021-25040

The Booking Calendar WordPress plugin before 8.9.2 does not sanitise and escape the booking_type par

CVE-2021-25043

The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter b

CVE-2021-25047

The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Sc

CVE-2021-25051

The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to incl

CVE-2021-25052

The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to

CVE-2021-25053

The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include(

CVE-2021-25054

The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and us

CVE-2021-3133

The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages.

CVE-2022-21661

WordPress is a free and open-source content management system written in PHP and paired with a Maria

CVE-2022-21662

WordPress is a free and open-source content management system written in PHP and paired with a Maria

CVE-2022-21663

WordPress is a free and open-source content management system written in PHP and paired with a Maria

CVE-2022-21664

WordPress is a free and open-source content management system written in PHP and paired with a Maria

CVE-2022-3241

The Build App Online WordPress plugin before 1.0.19 does not properly sanitise and escape some param

CVE-2022-3860

The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise a

CVE-2022-3911

The iubenda WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX actio

CVE-2022-3936

The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, w

CVE-2022-3994

The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's

CVE-2022-4049

The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before us

CVE-2022-4057

The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's export

CVE-2022-4059

The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parame

CVE-2022-4099

The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parame

CVE-2022-4109

The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input agai

CVE-2022-4114

The Superio WordPress theme does not sanitise and escape some parameters, which could allow users wi

CVE-2022-4119

The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some

CVE-2022-4140

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to

CVE-2022-4142

The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filte

CVE-2022-4198

The WP Social Sharing WordPress plugin through 2.2 does not sanitise and escape some of its settings

CVE-2022-4200

The Login with Cognito WordPress plugin through 1.4.8 does not sanitise and escape some of its setti

CVE-2022-4236

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to

CVE-2022-4237

The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in

CVE-2022-4256

The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some

CVE-2022-4260

The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which c

CVE-2022-4297

The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter b

CVE-2022-4298

The Wholesale Market WordPress plugin before 2.2.1 does not have authorisation check, as well as doe

CVE-2022-4302

The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, w

CVE-2022-4324

The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file

CVE-2022-4329

The Product list Widget for Woocommerce WordPress plugin through 1.0 does not sanitise and escape a

CVE-2022-4340

The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (ID

CVE-2022-4351

The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter b

CVE-2022-4352

The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter b

CVE-2022-4355

The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo

CVE-2022-4356

The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo

CVE-2022-4357

The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo

CVE-2022-4358

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame

CVE-2022-4359

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame

CVE-2022-4360

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame

CVE-2022-4362

The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode att

CVE-2022-4369

The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not sanitize and escapes a paramete

CVE-2022-4370

The multimedial images WordPress plugin through 1.0b does not properly sanitize and escape a paramet

CVE-2022-4371

The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter bef

CVE-2022-4372

The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter bef

CVE-2022-4373

The Quote-O-Matic WordPress plugin through 1.0.5 does not properly sanitize and escape a parameter b

CVE-2022-4381

The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode att

CVE-2022-4417

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly blo

CVE-2022-4663

The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_logi

CVE-2023-0038

The 'Survey Maker – Best WordPress Survey Plugin' plugin for WordPress is vulnerable to Stored Cross