CVE-2007-0106
Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 all
Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 all
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after esc
wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or no
wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input dat
Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin
WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p p
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote atta
Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and po
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote a
WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty va
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers
Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in th
Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.ph
Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.
Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math
Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in th
Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and
Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for W
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allo
Pretty-Link WordPress plugin 1.5.2 has XSS
Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for Wor
Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact
Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead Polls plugin before 2.0.4 for Wo
Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmash plugin 1.0.1 for WordPress a
Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for Wo
Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, wh
The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockou
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier f
wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allows remote attackers to obtain
Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordP
Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Fi
Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress all
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for Word
Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0
Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video
Cross-site scripting (XSS) vulnerability in includes/refreshDate.php in the Joomlaskin JS Multi Hote
Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPre
Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5
Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for Wo
SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administr
flog plugin 0.1 for WordPress has XSS
Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress al
The ultimate-weather plugin 1.0 for WordPress has XSS
Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPre
Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 f
Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0
SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for Word
Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows
Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows
Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before
Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 fo
Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for Wo
Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanc
Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-faceboo
Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugi
A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3 on WordPress. It has
A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problema
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.
The 'Social Pug - Easy Social Share Buttons' plugin before 1.2.6 for WordPress allows XSS via the wp
WordPress plugin Furikake version 0.1.0 is vulnerable to an Open Redirect. The furikake-redirect para
The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via th
The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 for WordPress has XSS via the
The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter.
The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter
Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote a
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer scri
Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for W
SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downlo
The 'Add Link to Facebook' plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parame
The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options
The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php.
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for
In the 'Media from FTP' plugin before 9.85 for WordPress, Directory Traversal exists via the searchd
The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options paramete
The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter
The 'SagePay Server Gateway for WooCommerce' plugin before 1.0.9 for WordPress has XSS via the inclu
The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php.
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[page] parameter to wp-admin/
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[en] or wpglobus_option[enabl
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[redirect_by_language] parame
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[show_selector] parameter to
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option parameter to wp-admin/option
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post] parameter to wp-admin/
The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/op
The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/opt
The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php
The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid p
The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.ph
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profi
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profi
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via t
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via t
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via t
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-a
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-a
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admi
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-ad
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-ad
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-ad
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin
The TablePress plugin 1.9.2 for WordPress allows tablepress CSV injection by Editor users. Note: The
The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers t
The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCr
A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authent
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticat
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticat
The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name='timestamp' fields in
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uplo
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the e
The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforc
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenti
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF a
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenti
The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the 'orderb
The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape some of
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_a
The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing subm
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery para
The 'WP Search Filters' widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7
The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before output
The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming
The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parame
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab
The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notic
The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_delet
The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_creat
The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise
The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache d
The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache dire
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape
The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escap
The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter b
The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text par
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress
The Booking Calendar WordPress plugin before 8.9.2 does not sanitise and escape the booking_type par
The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter b
The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Sc
The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to incl
The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to
The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include(
The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and us
The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages.
WordPress is a free and open-source content management system written in PHP and paired with a Maria
WordPress is a free and open-source content management system written in PHP and paired with a Maria
WordPress is a free and open-source content management system written in PHP and paired with a Maria
WordPress is a free and open-source content management system written in PHP and paired with a Maria
The Build App Online WordPress plugin before 1.0.19 does not properly sanitise and escape some param
The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Hime
The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowin
The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, wh
The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an im
The 404 to Start WordPress plugin through 1.6.1 does not sanitise and escape some of its settings, w
The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise a
The iubenda WordPress plugin before 3.3.3 does not have authorisation and CSRF in an AJAX actio
The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check w
The Team Members WordPress plugin before 5.2.1 does not sanitize and escape some of its settings, w
The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's
The WP Custom Admin Interface WordPress plugin before 7.29 unserializes user input provided via the s
The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before us
The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's export
The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parame
The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parame
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF check
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF check
The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input agai
The Superio WordPress theme does not sanitise and escape some parameters, which could allow users wi
The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to
The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filte
The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fiel
The WP Social Sharing WordPress plugin through 2.2 does not sanitise and escape some of its settings
The Login with Cognito WordPress plugin through 1.4.8 does not sanitise and escape some of its setti
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to
The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in
The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some
The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which c
The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter b
The Wholesale Market WordPress plugin before 2.2.1 does not have authorisation check, as well as doe
The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter befo
The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, w
The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when loggi
The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file
The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a paramete
The Product list Widget for Woocommerce WordPress plugin through 1.0 does not sanitise and escape a
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (ID
The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter b
The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter b
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame
The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode att
The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and escape a parameter before outputti
The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not sanitize and escape a paramete
The multimedial images WordPress plugin through 1.0b does not properly sanitize and escape a paramet
The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter bef
The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter bef
The Quote-O-Matic WordPress plugin through 1.0.5 does not properly sanitize and escape a parameter b
The Bg Bible References WordPress plugin through 3.8.14 does not sanitize and escape a parameter bef
The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode att
The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its s
The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape
The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and es
The iPages Flipbook For WordPress plugin through 1.4.6 does not sanitise and escape some of its sett
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly blo
The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check
The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode
The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its sho
The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate and escape some of its short
The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attri
The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_logi
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the
The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versi
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the
The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in v
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the
The 'Survey Maker – Best WordPress Survey Plugin' plugin for WordPress is vulnerable to Stored Cross
The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in ver
The Swifty Page Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘s
The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions
The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of i
The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘or
WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and th
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and i
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and i
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and i
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi'
The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_sto
The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'video_popup'
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup – Fas
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wh
Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress
Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generatio
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Cus
The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updat
The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forg
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and includ
The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admi
The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for reque
The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and e
The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating exist
The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of i
The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible
The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin befor
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on i
The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileg
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on i
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthor
The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before ou
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient f
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all version
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Si
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Si
The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insuff
The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to
The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of d
The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was d
The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leak
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via adm
The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its playe
The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vu
The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all v
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scr
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugi
The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory lis
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Sit
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi
The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author
The WP VR WordPress plugin before 8.3.15 does not have authorisation and CSRF in a function hooked to adm
The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updati
The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Store
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploa
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting
The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ par
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposur
The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scrip
The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a mis
The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to un
The POST SMTP WordPress plugin before 2.8.7 does not sanitise and escape the msg parameter before ou
The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Sc
The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect mo
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress pl
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Ob
The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting
The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and in
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary f
The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modifica
The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of
The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site S
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scrip
The WP Compress – Image Optimizer plugin for WordPress is vulnerable to Directory Traversal in all
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposur
The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via th
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to St
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauth
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Si
The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup information,
The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a mis
The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Ready Fun
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Sc
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plu
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plu
The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPr
The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and inc
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder pl
The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for W
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress pl
The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of da
The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘
The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to
The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wid
The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting
The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom fi
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads du
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for W
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for W
The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the p
The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post m
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl
The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vuln
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress pl
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions u
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress
The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is v
The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification o
Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a rem