The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This is due to insufficient sanitization when sa
The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This makes it possible for authenticated attackers
The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debug_path' parameter in all versions up to, and including, 1.2.22. This m
The Debug Log Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the auto-refresh debug log in all versions up to, and including, 2.3.4 due to insufficient input sanitizatio
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_form() function. This is due to the function accept
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization func
The Runners Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'runnerslog' shortcode in all versions up to, and including, 3.9.2 due to insufficient input sanitiza
The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'acpt_validate_setting' funct
The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-a
The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin allowing Author-level users to create and execute a
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.28. This is due to the write_to_customfile()
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.7.2 via the filter_content function. This is due to
The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to,
The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it possi
The Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for WordPress is vulnerable to log file poisoning in all versions up to, and including, 1.47. This makes it possibl
The Divelogs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'latestdive' shortcode in all versions up to, and including, 1.5 due to insufficient input saniti
The Developer Loggers for Simple History plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.5 via the enabled_loggers parameter. This makes it possible
The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the theme_section_shortcode() function. This is due to the plugin no
AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the login_error parameter as PHP cod
The Ad Short plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ad' shortcode's 'client' attribute in all versions up to and including 2.0.1. This is due to insufficient input