The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is due to the plugin allowing a user to
The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewp_shortcode_taxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possib
The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauth
The Ajax Search Lite plugin for WordPress is vulnerable to Basic Information Exposure due to missing authorization in its AJAX search handler in all versions up to, and including, 4.13.1. This makes i
The Member Access plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the WordPress core search feature. This makes it possible for una
The Category Ajax Filter plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.2 via the 'params[caf-post-layout]' parameter. This makes it possible for
The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal wi
The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 1.3.7 due to insuffici
The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for una
The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_post_grid_load_more' func
The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. This vulnerability can lead to privilege escalation and denial of serv
The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts ca
The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockerco_submit_post' AJAX endpoint. This makes it possible for unauthenticated attack
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxels_ajax_search due to insufficien
The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infility_global_ajax function in all versions up to, and including,
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to
Page 1+ Next →