WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes throu
The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be entered by all users for whom unfiltere
AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the login_error parameter as PHP cod
The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' shortcode attribute in all versions up to, and including, 0.1.3 due to insufficient input sanitization an
The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a comme
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.
Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id'
WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization (PHP Object Injectio
The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and including, 3.2.28 due to insufficient input sa
The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'patreon' shortcode in all versions up to, and including, 1.3.0 due to insufficient input
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace
The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Admi
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_box' shortcode in all versions up to, and including, 7.4.9 due to
The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twitter' shortcode in all versions up to, and including, 1.3.1 due to insufficient input
The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.12 via deserializa
The Weaver Show Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_class' parameter in all versions up to, and including, 1.8.1. This is due to insufficient input san
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘src’ parameter in all versions up to, and including, 7.3.3 due to insufficient
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitizatio
Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. A
The HTML Tag Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1 due to insufficient input sanitization a
Page 1+ Next →