377 docs tagged with "WordPress_CMS"

CVE-2007-0106

Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 all

CVE-2007-0107

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after esc

CVE-2007-0109

wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or no

CVE-2007-0233

wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input dat

CVE-2007-6677

Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin

CVE-2008-0191

WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p p

CVE-2008-0192

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote atta

CVE-2008-0193

Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and po

CVE-2008-0194

Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote a

CVE-2008-0195

WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty va

CVE-2008-0196

Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers

CVE-2008-0197

Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in th

CVE-2008-0198

Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.ph

CVE-2008-0203

Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.

CVE-2008-0204

Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math

CVE-2008-0205

Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in th

CVE-2008-0206

Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and

CVE-2008-0222

Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for W

CVE-2010-4536

Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allo

CVE-2011-5051

Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for Wor

CVE-2011-5254

Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact

CVE-2011-5304

Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead Polls plugin before 2.0.4 for Wo

CVE-2011-5307

Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmash plugin 1.0.1 for WordPress a

CVE-2011-5308

Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for Wo

CVE-2012-0287

Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, wh

CVE-2012-10001

The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockou

CVE-2012-6499

Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier f

CVE-2013-0721

wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allows remote attackers to obtain

CVE-2013-6991

Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordP

CVE-2013-6992

Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Fi

CVE-2013-6993

Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress all

CVE-2013-7240

Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for Word

CVE-2013-7276

Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0

CVE-2013-7279

Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video

CVE-2013-7419

Cross-site scripting (XSS) vulnerability in includes/refreshDate.php in the Joomlaskin JS Multi Hote

CVE-2014-1232

Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPre

CVE-2014-2598

Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5

CVE-2014-2838

Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for Wo

CVE-2014-2839

SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administr

CVE-2014-4553

Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress al

CVE-2014-4561

The ultimate-weather plugin 1.0 for WordPress has XSS

CVE-2014-4972

Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPre

CVE-2014-9437

Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 f

CVE-2014-9441

Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0

CVE-2014-9442

SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for Word

CVE-2014-9443

Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows

CVE-2014-9444

Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows

CVE-2014-9453

Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor

CVE-2014-9454

Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before

CVE-2014-9460

Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 fo

CVE-2014-9461

Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for Wo

CVE-2014-9523

Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanc

CVE-2014-9524

Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-faceboo

CVE-2014-9525

Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugi

CVE-2015-10013

A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3 on WordPress. It has

CVE-2015-10128

A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problema

CVE-2016-10705

The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.

CVE-2016-10706

The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.

CVE-2016-10736

The 'Social Pug - Easy Social Share Buttons' plugin before 1.2.6 for WordPress allows XSS via the wp

CVE-2017-1000434

WordPress plugin Furikake version 0.1.0 is vulnerable to an Open Redirect. The furikake-redirect para

CVE-2017-18010

The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via th

CVE-2017-18011

The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 for WordPress has XSS via the

CVE-2017-18012

The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter.

CVE-2017-18015

The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter

CVE-2018-16206

Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote a

CVE-2018-25095

The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer scri

CVE-2018-3810

Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for W

CVE-2018-3811

SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress

CVE-2018-5212

The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (

CVE-2018-5213

The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downlo

CVE-2018-5214

The 'Add Link to Facebook' plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parame

CVE-2018-5284

The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options

CVE-2018-5285

The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php.

CVE-2018-5286

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for

CVE-2018-5287

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane

CVE-2018-5288

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for

CVE-2018-5289

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane

CVE-2018-5290

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane

CVE-2018-5291

The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php pane

CVE-2018-5292

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for

CVE-2018-5293

The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for

CVE-2018-5310

In the 'Media from FTP' plugin before 9.85 for WordPress, Directory Traversal exists via the searchd

CVE-2018-5311

The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options paramete

CVE-2018-5312

The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post

CVE-2018-5315

The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter

CVE-2018-5316

The 'SagePay Server Gateway for WooCommerce' plugin before 1.0.9 for WordPress has XSS via the inclu

CVE-2018-5361

The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php.

CVE-2018-5362

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[page] parameter to wp-admin/

CVE-2018-5363

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[en] or wpglobus_option[enabl

CVE-2018-5364

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[redirect_by_language] parame

CVE-2018-5365

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[show_selector] parameter to

CVE-2018-5366

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option parameter to wp-admin/option

CVE-2018-5367

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post] parameter to wp-admin/

CVE-2018-5368

The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/op

CVE-2018-5369

The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/opt

CVE-2018-5372

The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php

CVE-2018-5373

The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid p

CVE-2018-5374

The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.ph

CVE-2018-5651

An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profi

CVE-2018-5652

An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profi

CVE-2018-5653

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via t

CVE-2018-5654

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via t

CVE-2018-5655

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via t

CVE-2018-5656

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via

CVE-2018-5657

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v

CVE-2018-5658

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists

CVE-2018-5659

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v

CVE-2018-5660

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v

CVE-2018-5661

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v

CVE-2018-5662

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v

CVE-2018-5663

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v

CVE-2018-5664

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v

CVE-2018-5665

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v

CVE-2018-5666

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v

CVE-2018-5667

An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-a

CVE-2018-5668

An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-a

CVE-2018-5669

An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admi

CVE-2018-5670

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-ad

CVE-2018-5671

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-ad

CVE-2018-5672

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-ad

CVE-2018-5673

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin

CVE-2019-20180

The TablePress plugin 1.9.2 for WordPress allows tablepress CSV injection by Editor users. Note: The

CVE-2019-20203

The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers t

CVE-2019-20204

The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCr

CVE-2019-20360

A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authent

CVE-2019-20361

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed

CVE-2020-36155

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticat

CVE-2020-36156

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated

CVE-2020-36157

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticat

CVE-2020-36170

The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name='timestamp' fields in

CVE-2020-36171

The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uplo

CVE-2020-36172

The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in

CVE-2020-36173

The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.

CVE-2020-36174

The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.

CVE-2020-36175

The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the e

CVE-2020-36176

The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforc

CVE-2020-6166

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenti

CVE-2020-6167

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF a

CVE-2020-6168

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenti

CVE-2021-24680

The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip

CVE-2021-24786

The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the 'orderb

CVE-2021-24828

The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape some of

CVE-2021-24831

All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and

CVE-2021-24862

The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_a

CVE-2021-24893

The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing subm

CVE-2021-24948

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery para

CVE-2021-24949

The 'WP Search Filters' widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7

CVE-2021-24963

The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before output

CVE-2021-24964

The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming

CVE-2021-24973

The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parame

CVE-2021-24991

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab

CVE-2021-24999

The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notic

CVE-2021-25000

The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_delet

CVE-2021-25001

The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_creat

CVE-2021-25016

The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise

CVE-2021-25020

The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache d

CVE-2021-25021

The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache dire

CVE-2021-25022

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape

CVE-2021-25023

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escap

CVE-2021-25027

The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter b

CVE-2021-25030

The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text par

CVE-2021-25032

The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress

CVE-2021-25040

The Booking Calendar WordPress plugin before 8.9.2 does not sanitise and escape the booking_type par

CVE-2021-25043

The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter b

CVE-2021-25047

The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Sc

CVE-2021-25051

The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to incl

CVE-2021-25052

The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to

CVE-2021-25053

The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include(

CVE-2021-25054

The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and us

CVE-2021-3133

The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages.

CVE-2022-21661

WordPress is a free and open-source content management system written in PHP and paired with a Maria

CVE-2022-21662

WordPress is a free and open-source content management system written in PHP and paired with a Maria

CVE-2022-21663

WordPress is a free and open-source content management system written in PHP and paired with a Maria

CVE-2022-21664

WordPress is a free and open-source content management system written in PHP and paired with a Maria

CVE-2022-3241

The Build App Online WordPress plugin before 1.0.19 does not properly sanitise and escape some param

CVE-2022-3343

The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Hime

CVE-2022-3416

The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowin

CVE-2022-3417

The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, wh

CVE-2022-3679

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an im

CVE-2022-3855

The 404 to Start WordPress plugin through 1.6.1 does not sanitise and escape some of its settings, w

CVE-2022-3860

The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise a

CVE-2022-3911

The iubenda WordPress plugin before 3.3.3 does not have authorisation and CSRF in an AJAX actio

CVE-2022-3923

The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check w

CVE-2022-3936

The Team Members WordPress plugin before 5.2.1 does not sanitize and escape some of its settings, w

CVE-2022-3994

The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's

CVE-2022-4043

The WP Custom Admin Interface WordPress plugin before 7.29 unserializes user input provided via the s

CVE-2022-4049

The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before us

CVE-2022-4057

The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's export

CVE-2022-4059

The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parame

CVE-2022-4099

The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parame

CVE-2022-4102

The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF check

CVE-2022-4103

The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF check

CVE-2022-4109

The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input agai

CVE-2022-4114

The Superio WordPress theme does not sanitise and escape some parameters, which could allow users wi

CVE-2022-4119

The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some

CVE-2022-4140

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to

CVE-2022-4142

The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filte

CVE-2022-4196

The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fiel

CVE-2022-4198

The WP Social Sharing WordPress plugin through 2.2 does not sanitise and escape some of its settings

CVE-2022-4200

The Login with Cognito WordPress plugin through 1.4.8 does not sanitise and escape some of its setti

CVE-2022-4236

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to

CVE-2022-4237

The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in

CVE-2022-4256

The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some

CVE-2022-4260

The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which c

CVE-2022-4297

The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter b

CVE-2022-4298

The Wholesale Market WordPress plugin before 2.2.1 does not have authorisation check, as well as doe

CVE-2022-4301

The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter befo

CVE-2022-4302

The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, w

CVE-2022-4310

The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when loggi

CVE-2022-4324

The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file

CVE-2022-4325

The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a paramete

CVE-2022-4329

The Product list Widget for Woocommerce WordPress plugin through 1.0 does not sanitise and escape a

CVE-2022-4340

The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (ID

CVE-2022-4351

The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter b

CVE-2022-4352

The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter b

CVE-2022-4355

The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo

CVE-2022-4356

The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo

CVE-2022-4357

The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo

CVE-2022-4358

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame

CVE-2022-4359

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame

CVE-2022-4360

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame

CVE-2022-4362

The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode att

CVE-2022-4368

The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and escape a parameter before outputti

CVE-2022-4369

The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not sanitize and escape a paramete

CVE-2022-4370

The multimedial images WordPress plugin through 1.0b does not properly sanitize and escape a paramet

CVE-2022-4371

The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter bef

CVE-2022-4372

The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter bef

CVE-2022-4373

The Quote-O-Matic WordPress plugin through 1.0.5 does not properly sanitize and escape a parameter b

CVE-2022-4374

The Bg Bible References WordPress plugin through 3.8.14 does not sanitize and escape a parameter bef

CVE-2022-4381

The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode att

CVE-2022-4391

The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its s

CVE-2022-4392

The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape

CVE-2022-4393

The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and es

CVE-2022-4394

The iPages Flipbook For WordPress plugin through 1.4.6 does not sanitise and escape some of its sett

CVE-2022-4417

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly blo

CVE-2022-4426

The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check

CVE-2022-4468

The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode

CVE-2022-4479

The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its sho

CVE-2022-4491

The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate and escape some of its short

CVE-2022-4497

The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attri

CVE-2022-4663

The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_logi

CVE-2022-4700

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the

CVE-2022-4701

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the

CVE-2022-4702

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the

CVE-2022-4703

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the

CVE-2022-4704

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the

CVE-2022-4705

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the

CVE-2022-4707

The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versi

CVE-2022-4708

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the

CVE-2022-4709

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the

CVE-2022-4710

The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in v

CVE-2022-4711

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the

CVE-2023-0038

The 'Survey Maker – Best WordPress Survey Plugin' plugin for WordPress is vulnerable to Stored Cross

CVE-2023-0086

The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in ver

CVE-2023-0087

The Swifty Page Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘s

CVE-2023-0088

The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions

CVE-2023-0162

The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of i

CVE-2023-0254

The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘or

CVE-2023-22622

WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and th

CVE-2023-4246

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and i

CVE-2023-4247

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and i

CVE-2023-4248

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and i

CVE-2023-4372

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi'

CVE-2023-4960

The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_sto

CVE-2023-4962

The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'video_popup'

CVE-2023-51406

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup – Fas

CVE-2023-51408

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wh

CVE-2023-51538

Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress

CVE-2023-52119

Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generatio

CVE-2023-52124

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2023-52128

Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Cus

CVE-2023-5235

The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updat

CVE-2023-5448

The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forg

CVE-2023-5504

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and includ

CVE-2023-5691

The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admi

CVE-2023-5877

The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for reque

CVE-2023-5911

The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and e

CVE-2023-5957

The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and

CVE-2023-6000

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating exist

CVE-2023-6037

The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of i

CVE-2023-6064

The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible

CVE-2023-6113

The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin befor

CVE-2023-6139

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on i

CVE-2023-6140

The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileg

CVE-2023-6141

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on i

CVE-2023-6158

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthor

CVE-2023-6161

The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before ou

CVE-2023-6220

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient f

CVE-2023-6223

The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all version

CVE-2023-6242

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Si

CVE-2023-6244

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Si

CVE-2023-6266

The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insuff

CVE-2023-6271

The Backup Migration WordPress plugin before 1.3.6 stores in-progress backup information in easy to

CVE-2023-6316

The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file

CVE-2023-6369

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of d

CVE-2023-6383

The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was d

CVE-2023-6421

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leak

CVE-2023-6446

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via adm

CVE-2023-6485

The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its playe

CVE-2023-6493

The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vu

CVE-2023-6496

The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all v

CVE-2023-6498

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scr

CVE-2023-6504

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugi

CVE-2023-6505

The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory lis

CVE-2023-6506

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure

CVE-2023-6520

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Sit

CVE-2023-6524

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi

CVE-2023-6528

The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author

CVE-2023-6529

The WP VR WordPress plugin before 8.3.15 does not perform authorisation and CSRF checks in a function hooked to adm

CVE-2023-6532

The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updati

CVE-2023-6555

The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter

CVE-2023-6556

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Store

CVE-2023-6558

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploa

CVE-2023-6561

The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2023-6567

The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ par

CVE-2023-6582

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposur

CVE-2023-6583

The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal

CVE-2023-6594

The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scrip

CVE-2023-6598

The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a mis

CVE-2023-6600

The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to un

CVE-2023-6621

The POST SMTP WordPress plugin before 2.8.7 does not sanitise and escape the msg parameter before ou

CVE-2023-6624

The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Sc

CVE-2023-6627

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect mo

CVE-2023-6629

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress pl

CVE-2023-6630

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Ob

CVE-2023-6632

The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting

CVE-2023-6634

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and in

CVE-2023-6636

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary f

CVE-2023-6637

The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modifica

CVE-2023-6638

The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of

CVE-2023-6645

The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site S

CVE-2023-6684

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scrip

CVE-2023-6699

The WP Compress – Image Optimizer plugin for WordPress is vulnerable to Directory Traversal in all

CVE-2023-6733

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposur

CVE-2023-6737

The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via th

CVE-2023-6738

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to St

CVE-2023-6742

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauth

CVE-2023-6747

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Si

CVE-2023-6750

The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup information,

CVE-2023-6751

The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a mis

CVE-2023-6776

The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Ready Fun

CVE-2023-6781

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2023-6782

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Sc

CVE-2023-6788

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request

CVE-2023-6798

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plu

CVE-2023-6801

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plu

CVE-2023-6828

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPr

CVE-2023-6830

The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and inc

CVE-2023-6842

The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder pl

CVE-2023-6845

The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could

CVE-2023-6855

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for W

CVE-2023-6875

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress pl

CVE-2023-6878

The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of da

CVE-2023-6882

The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘

CVE-2023-6883

The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to

CVE-2023-6924

The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wid

CVE-2023-6934

The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2023-6938

The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom fi

CVE-2023-6979

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads du

CVE-2023-6980

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for W

CVE-2023-6981

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for W

CVE-2023-6984

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is

CVE-2023-6986

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents

CVE-2023-6988

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the p

CVE-2023-6990

The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post m

CVE-2023-6994

The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl

CVE-2023-7019

The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vuln

CVE-2023-7027

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress pl

CVE-2023-7044

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

CVE-2023-7048

The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions u

CVE-2023-7068

The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress

CVE-2023-7070

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to

CVE-2023-7071

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is v

CVE-2024-0201

The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification o

CVE-2024-22027

Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a rem