Vendor CVEs
WordPress
All CVEs
33,183 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8732 | Cri | 0.64 | 9.8 | 0.09 | May 29, 2026 | The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_nopriv_ and protected only by a nonce… | ||
| CVE-2026-42758 | Cri | 0.64 | 9.8 | 0.00 | May 27, 2026 | Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through < 4.08.253. | ||
| CVE-2026-42757 | Cri | 0.64 | 9.9 | 0.00 | May 27, 2026 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This issue affects WebinarIgnition: from n/a through < 4.08.253. | ||
| CVE-2026-42756 | Cri | 0.64 | 9.9 | 0.00 | May 27, 2026 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allows Path Traversal.This issue affects QuickWebP – Compress / Optimize… | ||
| CVE-2026-42748 | Cri | 0.64 | 9.9 | 0.00 | May 27, 2026 | Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through <= 5.4.1. | ||
| CVE-2026-42731 | Cri | 0.64 | 9.8 | 0.00 | May 27, 2026 | Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through <= 5.4.9. | ||
| CVE-2026-6960 | Cri | 0.64 | 9.8 | 0.01 | May 21, 2026 | The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_func' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated… | ||
| CVE-2026-5118 | Cri | 0.64 | 9.8 | 0.00 | May 21, 2026 | The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's… | ||
| CVE-2026-6279 | Cri | 0.64 | 9.8 | 0.02 | May 21, 2026 | The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the `wp_conditional_tags` case in `Fusion_Builder_Conditional_Render_Helper::get_value(… | ||
| CVE-2026-7637 | Cri | 0.64 | 9.8 | 0.01 | May 20, 2026 | The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known… | ||
| CVE-2026-6555 | Cri | 0.64 | 9.8 | 0.01 | May 20, 2026 | The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in the upload array undergoes extension and MIME type validation, while all files… | ||
| CVE-2026-8495 | Cri | 0.64 | 9.8 | 0.00 | May 19, 2026 | Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15. | ||
| CVE-2026-4883 | Cri | 0.64 | 9.8 | 0.01 | May 19, 2026 | The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks… | ||
| CVE-2026-4885 | Cri | 0.64 | 9.8 | 0.01 | May 19, 2026 | The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only… | ||
| CVE-2018-25335 | Cri | 0.64 | 9.8 | 0.01 | May 17, 2026 | WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name'… | ||
| CVE-2021-47965 | Cri | 0.64 | 9.8 | 0.01 | May 15, 2026 | WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to… | ||
| CVE-2026-6510 | Cri | 0.64 | 9.8 | 0.00 | May 14, 2026 | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capability checks in the iwar_save_recipe() AJAX handler. This makes it possible for… | ||
| CVE-2026-8181 | Cri | 0.64 | 9.8 | 0.15 | May 14, 2026 | The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the `is_mainwp_authenticated()` function when… | ||
| CVE-2021-47940 | Cri | 0.64 | 9.8 | 0.00 | May 10, 2026 | WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX fileupload action. Attackers can send POST requests to the admin-ajax.php endpoint… | ||
| CVE-2021-47933 | Cri | 0.64 | 9.8 | 0.01 | May 10, 2026 | WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the config_file endpoint to… | ||
| CVE-2021-47932 | Cri | 0.64 | 9.8 | 0.00 | May 10, 2026 | WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler. Attackers can send POST requests to the tcp_register_and_login_ajax action… | ||
| CVE-2025-13618 | Cri | 0.64 | 9.8 | 0.00 | May 5, 2026 | The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoring_process_registration() function. This makes it… | ||
| CVE-2026-5722 | Cri | 0.64 | 9.8 | 0.00 | May 5, 2026 | The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This… | ||
| CVE-2026-4882 | Cri | 0.64 | 9.8 | 0.01 | May 2, 2026 | The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to… | ||
| CVE-2026-6235 | Cri | 0.64 | 9.8 | 0.01 | Apr 22, 2026 | The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This… | ||
| CVE-2026-6443 | Cri | 0.64 | 9.8 | 0.01 | Apr 17, 2026 | All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to… | ||
| CVE-2026-3596 | Cri | 0.64 | 9.8 | 0.01 | Apr 16, 2026 | The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an unauthenticated AJAX action ('wp_ajax_nopriv_install-imprint') that maps to the ink_pd_add_option() function. This… | ||
| CVE-2026-3461 | Cri | 0.64 | 9.8 | 0.00 | Apr 15, 2026 | The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the `express_pay_product_page_pay_for_order()` function logging users in based solely on a user-supplied billing email address… | ||
| CVE-2026-34424 | Cri | 0.64 | 9.8 | 0.01 | Apr 9, 2026 | Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote… | ||
| CVE-2026-3535 | Cri | 0.64 | 9.8 | 0.01 | Apr 8, 2026 | The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the `DSGVOGWPdownloadGoogleFonts()` function in all versions up to, and including, 1.1. The function is exposed via a `wp_ajax_nopriv_` hook,… | ||
| CVE-2026-4003 | Cri | 0.64 | 9.8 | 0.01 | Apr 8, 2026 | The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User Meta Update in all versions up to and including 1.1.15. This is due to a flawed authorization logic check in the userspn_ajax_nopriv_server() function within the… | ||
| CVE-2026-3300 | Cri | 0.64 | 9.8 | 0.41 | Mar 31, 2026 | The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_filter() function concatenating user-submitted form field values into a PHP code… | ||
| CVE-2026-25429 | Cri | 0.64 | 9.8 | 0.00 | Mar 25, 2026 | Deserialization of Untrusted Data vulnerability in wpdive Nexa Blocks nexa-blocks allows Object Injection.This issue affects Nexa Blocks: from n/a through <= 1.1.1. | ||
| CVE-2026-4001 | Cri | 0.64 | 9.8 | 0.01 | Mar 24, 2026 | The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval() in the process_custom_formula() function within includes/process/price.php. This is due to… | ||
| CVE-2026-4038 | Cri | 0.64 | 9.8 | 0.00 | Mar 20, 2026 | The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomatic_call_ai_function_realtime' function in all versions up to, and including, 2.7.5. This makes it possible for… | ||
| CVE-2026-25449 | Cri | 0.64 | 9.8 | 0.00 | Mar 18, 2026 | Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Injection.This issue affects Traveler: from n/a through < 3.2.8.1. | ||
| CVE-2026-2631 | Cri | 0.64 | 9.8 | 0.01 | Mar 11, 2026 | The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option `datalogics_token` without verification. This token is subsequently used for authentication in a protected endpoint that… | ||
| CVE-2026-0953 | Cri | 0.64 | 9.8 | 0.01 | Mar 10, 2026 | The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the… | ||
| CVE-2026-2446 | Cri | 0.64 | 9.8 | 0.00 | Mar 6, 2026 | The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options (such as default_role etc) and create arbitrary admin users | ||
| CVE-2026-28043 | Cri | 0.64 | 9.8 | 0.00 | Mar 5, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Healer - Doctor, Clinic & Medical WordPress Theme healer allows PHP Local File Inclusion.This issue affects Healer - Doctor, Clinic & Medical… | ||
| CVE-2026-27389 | Cri | 0.64 | 9.8 | 0.00 | Mar 5, 2026 | Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.1. | ||
| CVE-2026-22390 | Cri | 0.64 | 9.9 | 0.00 | Mar 5, 2026 | Improper Control of Generation of Code ('Code Injection') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Code Injection.This issue affects Builderall Builder for WordPress: from n/a through <= 3.0.1. | ||
| CVE-2026-2628 | Cri | 0.64 | 9.8 | 0.01 | Mar 3, 2026 | The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to bypass authentication and log in as other users,… | ||
| CVE-2025-12981 | Cri | 0.64 | 9.8 | 0.01 | Feb 27, 2026 | The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the user_role parameter. This… | ||
| CVE-2026-23549 | Cri | 0.64 | 9.8 | 0.00 | Feb 19, 2026 | Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.1.1. | ||
| CVE-2025-13851 | Cri | 0.64 | 9.8 | 0.00 | Feb 19, 2026 | The Buyent Classified plugin for WordPress (bundled with Buyent theme) is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.0.7. This is due to the plugin not validating or restricting the user role during registration via the REST… | ||
| CVE-2025-13563 | Cri | 0.64 | 9.8 | 0.00 | Feb 19, 2026 | The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizza_lms_pro_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for… | ||
| CVE-2025-12882 | Cri | 0.64 | 9.8 | 0.00 | Feb 19, 2026 | The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'listing_user_role' parameter. This makes it… | ||
| CVE-2025-14892 | Cri | 0.64 | 9.8 | 0.00 | Feb 12, 2026 | The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret. | ||
| CVE-2026-1729 | Cri | 0.64 | 9.8 | 0.01 | Feb 12, 2026 | The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_otp_fun' function. This makes it… |
- risk 0.64cvss 9.8epss 0.09
The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_nopriv_ and protected only by a nonce…
- risk 0.64cvss 9.8epss 0.00
Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through < 4.08.253.
- risk 0.64cvss 9.9epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This issue affects WebinarIgnition: from n/a through < 4.08.253.
- risk 0.64cvss 9.9epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allows Path Traversal.This issue affects QuickWebP – Compress / Optimize…
- risk 0.64cvss 9.9epss 0.00
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through <= 5.4.1.
- risk 0.64cvss 9.8epss 0.00
Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through <= 5.4.9.
- risk 0.64cvss 9.8epss 0.01
The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_func' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated…
- risk 0.64cvss 9.8epss 0.00
The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's…
- risk 0.64cvss 9.8epss 0.02
The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the `wp_conditional_tags` case in `Fusion_Builder_Conditional_Render_Helper::get_value(…
- risk 0.64cvss 9.8epss 0.01
The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known…
- risk 0.64cvss 9.8epss 0.01
The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in the upload array undergoes extension and MIME type validation, while all files…
- risk 0.64cvss 9.8epss 0.00
Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15.
- risk 0.64cvss 9.8epss 0.01
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks…
- risk 0.64cvss 9.8epss 0.01
The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only…
- risk 0.64cvss 9.8epss 0.01
WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name'…
- risk 0.64cvss 9.8epss 0.01
WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to…
- risk 0.64cvss 9.8epss 0.00
The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capability checks in the iwar_save_recipe() AJAX handler. This makes it possible for…
- risk 0.64cvss 9.8epss 0.15
The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the `is_mainwp_authenticated()` function when…
- risk 0.64cvss 9.8epss 0.00
WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX fileupload action. Attackers can send POST requests to the admin-ajax.php endpoint…
- risk 0.64cvss 9.8epss 0.01
WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the config_file endpoint to…
- risk 0.64cvss 9.8epss 0.00
WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler. Attackers can send POST requests to the tcp_register_and_login_ajax action…
- risk 0.64cvss 9.8epss 0.00
The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoring_process_registration() function. This makes it…
- risk 0.64cvss 9.8epss 0.00
The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This…
- risk 0.64cvss 9.8epss 0.01
The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to…
- risk 0.64cvss 9.8epss 0.01
The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This…
- risk 0.64cvss 9.8epss 0.01
All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to…
- risk 0.64cvss 9.8epss 0.01
The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an unauthenticated AJAX action ('wp_ajax_nopriv_install-imprint') that maps to the ink_pd_add_option() function. This…
- risk 0.64cvss 9.8epss 0.00
The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the `express_pay_product_page_pay_for_order()` function logging users in based solely on a user-supplied billing email address…
- risk 0.64cvss 9.8epss 0.01
Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote…
- risk 0.64cvss 9.8epss 0.01
The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the `DSGVOGWPdownloadGoogleFonts()` function in all versions up to, and including, 1.1. The function is exposed via a `wp_ajax_nopriv_` hook,…
- risk 0.64cvss 9.8epss 0.01
The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User Meta Update in all versions up to and including 1.1.15. This is due to a flawed authorization logic check in the userspn_ajax_nopriv_server() function within the…
- risk 0.64cvss 9.8epss 0.41
The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_filter() function concatenating user-submitted form field values into a PHP code…
- risk 0.64cvss 9.8epss 0.00
Deserialization of Untrusted Data vulnerability in wpdive Nexa Blocks nexa-blocks allows Object Injection.This issue affects Nexa Blocks: from n/a through <= 1.1.1.
- risk 0.64cvss 9.8epss 0.01
The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval() in the process_custom_formula() function within includes/process/price.php. This is due to…
- risk 0.64cvss 9.8epss 0.00
The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomatic_call_ai_function_realtime' function in all versions up to, and including, 2.7.5. This makes it possible for…
- risk 0.64cvss 9.8epss 0.00
Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Injection.This issue affects Traveler: from n/a through < 3.2.8.1.
- risk 0.64cvss 9.8epss 0.01
The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option `datalogics_token` without verification. This token is subsequently used for authentication in a protected endpoint that…
- risk 0.64cvss 9.8epss 0.01
The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the…
- risk 0.64cvss 9.8epss 0.00
The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options (such as default_role etc) and create arbitrary admin users
- risk 0.64cvss 9.8epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Healer - Doctor, Clinic & Medical WordPress Theme healer allows PHP Local File Inclusion.This issue affects Healer - Doctor, Clinic & Medical…
- risk 0.64cvss 9.8epss 0.00
Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.1.
- risk 0.64cvss 9.9epss 0.00
Improper Control of Generation of Code ('Code Injection') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Code Injection.This issue affects Builderall Builder for WordPress: from n/a through <= 3.0.1.
- risk 0.64cvss 9.8epss 0.01
The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to bypass authentication and log in as other users,…
- risk 0.64cvss 9.8epss 0.01
The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the user_role parameter. This…
- risk 0.64cvss 9.8epss 0.00
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.1.1.
- risk 0.64cvss 9.8epss 0.00
The Buyent Classified plugin for WordPress (bundled with Buyent theme) is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.0.7. This is due to the plugin not validating or restricting the user role during registration via the REST…
- risk 0.64cvss 9.8epss 0.00
The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizza_lms_pro_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for…
- risk 0.64cvss 9.8epss 0.00
The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'listing_user_role' parameter. This makes it…
- risk 0.64cvss 9.8epss 0.00
The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret.
- risk 0.64cvss 9.8epss 0.01
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_otp_fun' function. This makes it…
Page 10 of 664