The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. This is
The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 3.8.5. This is due to the plugin using the BladeOne templating engine's runStrin
The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode
The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functi
The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute a
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.28. This is due to the write_to_customfile()
The Xavin's Review Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xrr' shortcode in all versions up to, and including, 1.4.0 due to insufficient input
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2025.2 due to insufficient inpu
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filter_content function. This is due to
The FastSpring plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fastspring/block-fastspringblocks-complete-product-catalog' block in all versions up to, and includin
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘a-0-o-search_field
The Simple Plyr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'poster' parameter in the 'plyr' shortcode in all versions up to, and including, 0.0.1 due to insufficient inp
The Runners Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'runnerslog' shortcode in all versions up to, and including, 3.9.2 due to insufficient input sanitiza
The WP YouTube Video Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ib_youtube' shortcode in all versions up to, and including, 1.2 due to insufficient i
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_updat
The 胖鼠采集(Fat Rat Collect) 微信知乎简书腾讯新闻列表分页采集, 还有自动采集、自动发布、自动标签、等多项功能。开源插件 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to missing escaping on a URL in all versions up to, and
The WP Content Security Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blocked-uri and effective-directive parameters in all versions up to, and including, 2.3 due t
The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aws_search_terms shortcode in all versions up to, and including, 3.28 due to insufficient inp
The Custom Word Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘angle’ parameter in all versions up to, and including, 0.3 due to insufficient input sanitization and o
The Earnware Connect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ew_hasrole' shortcode in all versions up to, and including, 1.0.74 due to insufficient input sa
Page 1+ Next →