The WooCommerce Recover Abandoned Cart plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 24.4.0 via deserialization of untrusted input from the 'raccooki
The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lp_update_mds AJAX action in all versions up to, and including, 2.2.2. This is due to the `
The Pósturinn\'s Shipping with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the printed_marked and nonprinted_marked parameters in all versions up to, and
The TCBD Popover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd-popover-image ' shortcode in all versions up to, and including, 1.2 due to insufficient input
The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the `wp
The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input saniti
The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerex_callback_view_more_posts' f
The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'add_
The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output e
The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1.7 via the 'included' shortcode attribute. This is due to the deserialization of
The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via several parameters across multiple AJAX action in all versions up to, and including, 93.2.0 due to in
The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated thr
The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.4.0 due to insufficient input sanitization and output esca
The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in the sb_encryption() function in all versions up to,
The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. This makes it possible for unauthenticated attackers
The Easy Email Subscription plugin for WordPress is vulnerable to SQL Injection via the 'uid' parameter in all versions up to, and including, 1.3 due to insufficient escaping on the user supplied para
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input fro
Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.
The Easy Custom Admin Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization
The Testimonial Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 0.2.1 due to insufficient inpu
← Previous Page 5