The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. This is due to insufficient verificatio
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83. This is due to missing or incorrec
The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing s
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parame
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.19. This is due to missing validation on the user being supplied in the 'crypto_connect_ajax_
The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a functi
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'crypto_connect_ajax_process::log_in' f
Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a thro
Authentication Bypass by Spoofing vulnerability in patreon Patreon WordPress patreon-connect.This issue affects Patreon WordPress: from n/a through <= 1.9.0.
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callback
The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'crypto_connect_ajax_process::check'
The Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.1. This is due to the plugin not
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress is vulnerable to aut
The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This mak
The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonat
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling
The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the soc
The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation on the token being supplied during the autolo
The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. This is due to missing validation on the user being supplied in the
The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the register_s
Page 1+ Next →