The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credenti
The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on its on its AJAX
The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via t
The Code Quality Control Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in version 2.1 through publicly exposed log files. This makes it possible for unauthenticated attacke
The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the `wc
The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute a
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/litespeed/v1/notify_ccss and /wp-json/litespeed/v1/notify_ucss REST API endpoints in all versions
The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcode
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versi
The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json() function. This makes it possible for authenticat
The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate pr
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-
The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'n
The weDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.15 via the `/wp-json/wp/v2/docs/settings` REST API endpoint. This makes it pos
The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and including 1.9.0. This is due to the plugin's save_file()
The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, an
The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ays_save_google_credentials' function
The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. This vulnerability can lead to privilege escalation and denial of serv
The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aft_testimonial_meta_name' custom field in the Client Information metabox in all versions up to
The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessible
Page 1+ Next →