The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce v
The Doubly – Cross Domain Copy Paste for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.46 via deserialization of untrusted input from t
The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.242 via the 'get_file_source' function. This
The bodi0`s Easy cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cache-folder' parameter in all versions up to, and including, 0.8 due to insufficient input sanitizati
The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht_download_big_object_origin' parameter in all versions up to, and including, 3.16.0. This is due to insufficient
The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the `wc
The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This
The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. This makes it possible for unaut
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parame
The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the via the 'tab' parameter. This makes it possible for auth
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library (version 1.1.0) in various versions due to insufficient input sanitization
The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5. This is due to missing or inco
The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated
The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validatio
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all versions up to, and including, 1.6.1. This is due to missing path validation in the create_template RES
The Mayosis Core plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.4.1 via the library/wave-audio/peaks/remote_dl.php file. This makes it possible for u
WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the
The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingest_image() function in versions 1.1.0 to 1.5.0. This makes i
The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthentica
The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the 'layout_name' parameter. This makes it possible for authentica