The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference due to missing capability checks on the wc_upload_and_save_signa
The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not prope
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and inclu
The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 4.1132. The plugin exposes two AJAX handlers that, when comb
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to
The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_upe_appearance_ajax' function in
The Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 10.14.14 via the handle_ajax_save function due to missing validation o
The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the pl
The Import Export For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_setting() function in all versions up to, and
The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcis_save_email' endpoint in all v
The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videowhisper_picture_upload_guest shortcode in all vers
The Booking & Appointment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_google_calendar_data' function i
The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migr
The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'import_action' and 'install_plugin_per_demo' functions
The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missing capability check on the Ajax::handle_request() f
The Checkout Files Upload for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.2.1 due to insufficient input sanit
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajax
The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validati
The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_optin_optout' function in al
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized access due to an incorrect capability check on the post_save() f
Page 1+ Next →