Vendor CVEs
WordPress
All CVEs
32,708 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-9879 | Cri | 0.70 | 9.8 | 0.47 | Jun 10, 2019 | The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation. | ||
| CVE-2019-9618 | Cri | 0.70 | 9.8 | 0.41 | May 13, 2019 | The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter. | ||
| CVE-2018-3811 | Cri | 0.70 | 9.8 | 0.43 | Jan 1, 2018 | SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements… | ||
| CVE-2015-4455 | Cri | 0.70 | 9.8 | 0.41 | May 23, 2017 | Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct… | ||
| CVE-2025-34077 | Cri | 0.69 | — | 0.10 | Jul 9, 2025 | An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the… | ||
| CVE-2024-50498 | Cri | 0.69 | 10.0 | 0.54 | Oct 28, 2024 | Improper Control of Generation of Code ('Code Injection') vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through <= 1.0. | ||
| CVE-2024-8529 | Cri | 0.69 | 10.0 | 0.12 | Sep 12, 2024 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied… | ||
| CVE-2024-3552 | Cri | 0.69 | 9.8 | 0.67 | Jun 13, 2024 | The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based. | ||
| CVE-2022-1609 | Cri | 0.69 | 9.8 | 0.64 | Jan 16, 2024 | The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site. | ||
| CVE-2023-5652 | Cri | 0.69 | 9.8 | 0.64 | Nov 20, 2023 | The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections | ||
| CVE-2020-36708 | Cri | 0.69 | 9.8 | 0.65 | Jun 7, 2023 | The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <=… | ||
| CVE-2023-2732 | Cri | 0.69 | 9.8 | 0.68 | May 25, 2023 | The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for… | ||
| CVE-2022-1386 | Cri | 0.69 | 9.8 | 0.72 | May 16, 2022 | The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact… | ||
| CVE-2021-24321 | Cri | 0.69 | 9.8 | 0.67 | Jun 1, 2021 | The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and bt_bb_listing_field_my_lat parameters before using them in a SQL statement,… | ||
| CVE-2019-16119 | Cri | 0.69 | 9.8 | 0.25 | Sep 8, 2019 | SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter. | ||
| CVE-2017-16562 | Cri | 0.69 | 9.8 | 0.27 | Nov 10, 2017 | The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI. | ||
| CVE-2017-1002000 | Cri | 0.69 | 9.8 | 0.27 | Sep 14, 2017 | Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content. | ||
| CVE-2026-0740 | Cri | 0.68 | 9.8 | 0.54 | Apr 7, 2026 | The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function in all versions up to, and including, 3.3.26. This makes it possible for… | ||
| CVE-2012-10026 | Cri | 0.68 | — | 0.01 | Aug 5, 2025 | The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious PHP scripts to a… | ||
| CVE-2012-10025 | Cri | 0.68 | — | 0.01 | Aug 5, 2025 | The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_url_include is enabled (default: Off), an unauthenticated attacker can exploit… | ||
| CVE-2019-25224 | Cri | 0.68 | 9.8 | 0.17 | Jul 25, 2025 | The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the host operating system. | ||
| CVE-2016-15043 | Cri | 0.68 | 9.8 | 0.10 | Jul 19, 2025 | The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites… | ||
| CVE-2025-5394 | Cri | 0.68 | 9.8 | 0.48 | Jul 15, 2025 | The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin() function in all versions up to, and including, 7.8.3. This makes it possible for… | ||
| CVE-2025-4094 | Cri | 0.68 | 9.8 | 0.16 | May 21, 2025 | The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them. | ||
| CVE-2025-1661 | Cri | 0.68 | 9.8 | 0.55 | Mar 11, 2025 | The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the woof_text_search AJAX action. This makes it possible for unauthenticated… | ||
| CVE-2024-8672 | Cri | 0.68 | 9.9 | 0.44 | Nov 28, 2024 | The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functionality that extends several page builders. This is due to the plugin… | ||
| CVE-2024-8275 | Cri | 0.68 | 9.8 | 0.49 | Sep 25, 2024 | The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' function in all versions up to, and including, 6.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation… | ||
| CVE-2023-6989 | Cri | 0.68 | 9.8 | 0.57 | Feb 5, 2024 | The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to… | ||
| CVE-2023-6623 | Cri | 0.68 | 9.8 | 0.51 | Jan 15, 2024 | The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks. | ||
| CVE-2022-4395 | Cri | 0.68 | 9.8 | 0.18 | Jan 30, 2023 | The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE. | ||
| CVE-2022-1329 | Hig | 0.68 | 8.8 | 0.93 | Apr 19, 2022 | The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to… | ||
| CVE-2022-0679 | Cri | 0.68 | 9.8 | 0.48 | Mar 28, 2022 | The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users) which results… | ||
| CVE-2021-25003 | Cri | 0.68 | 9.8 | 0.56 | Mar 14, 2022 | The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE | ||
| CVE-2022-0513 | Cri | 0.68 | 9.8 | 0.53 | Feb 16, 2022 | The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authentication to inject arbitrary… | ||
| CVE-2021-24472 | Cri | 0.68 | 9.8 | 0.57 | Aug 2, 2021 | The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would… | ||
| CVE-2013-3684 | Cri | 0.68 | 9.8 | 0.19 | Feb 11, 2020 | NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload | ||
| CVE-2019-16932 | Cri | 0.68 | 10.0 | 0.39 | Sep 30, 2019 | A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data. | ||
| CVE-2019-14348 | Cri | 0.68 | 9.8 | 0.21 | Aug 5, 2019 | The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter. | ||
| CVE-2018-16159 | Cri | 0.68 | 9.8 | 0.50 | Aug 30, 2018 | The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. | ||
| CVE-2018-7313 | Cri | 0.68 | 9.8 | 0.19 | Feb 22, 2018 | SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter. | ||
| CVE-2018-6583 | Cri | 0.68 | 9.8 | 0.19 | Feb 17, 2018 | SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request. | ||
| CVE-2018-6006 | Cri | 0.68 | 9.8 | 0.19 | Feb 17, 2018 | SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter. | ||
| CVE-2018-5988 | Cri | 0.68 | 9.8 | 0.19 | Jan 24, 2018 | SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php. | ||
| CVE-2017-16949 | Cri | 0.68 | 9.8 | 0.19 | Dec 19, 2017 | An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and… | ||
| CVE-2017-1002008 | Cri | 0.68 | 9.8 | 0.17 | Sep 14, 2017 | Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges. | ||
| CVE-2017-1002003 | Cri | 0.68 | 9.8 | 0.12 | Sep 14, 2017 | Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. | ||
| CVE-2017-1002002 | Cri | 0.68 | 9.8 | 0.13 | Sep 14, 2017 | Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/ | ||
| CVE-2017-1002001 | Cri | 0.68 | 9.8 | 0.11 | Sep 14, 2017 | Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. | ||
| CVE-2016-10045 | Cri | 0.68 | 9.8 | 0.98 | Dec 30, 2016 | The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail… | ||
| CVE-2006-6863 | Cri | 0.68 | 9.8 | 0.13 | Dec 31, 2006 | PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value |
- risk 0.70cvss 9.8epss 0.47
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation.
- risk 0.70cvss 9.8epss 0.41
The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter.
- risk 0.70cvss 9.8epss 0.43
SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements…
- risk 0.70cvss 9.8epss 0.41
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct…
- risk 0.69cvss —epss 0.10
An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the…
- risk 0.69cvss 10.0epss 0.54
Improper Control of Generation of Code ('Code Injection') vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through <= 1.0.
- risk 0.69cvss 10.0epss 0.12
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied…
- risk 0.69cvss 9.8epss 0.67
The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.
- risk 0.69cvss 9.8epss 0.64
The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
- risk 0.69cvss 9.8epss 0.64
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections
- risk 0.69cvss 9.8epss 0.65
The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <=…
- risk 0.69cvss 9.8epss 0.68
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for…
- risk 0.69cvss 9.8epss 0.72
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact…
- risk 0.69cvss 9.8epss 0.67
The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and bt_bb_listing_field_my_lat parameters before using them in a SQL statement,…
- risk 0.69cvss 9.8epss 0.25
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.
- risk 0.69cvss 9.8epss 0.27
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.
- risk 0.69cvss 9.8epss 0.27
Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.
- risk 0.68cvss 9.8epss 0.54
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function in all versions up to, and including, 3.3.26. This makes it possible for…
- risk 0.68cvss —epss 0.01
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious PHP scripts to a…
- risk 0.68cvss —epss 0.01
The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_url_include is enabled (default: Off), an unauthenticated attacker can exploit…
- risk 0.68cvss 9.8epss 0.17
The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the host operating system.
- risk 0.68cvss 9.8epss 0.10
The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites…
- risk 0.68cvss 9.8epss 0.48
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin() function in all versions up to, and including, 7.8.3. This makes it possible for…
- risk 0.68cvss 9.8epss 0.16
The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them.
- risk 0.68cvss 9.8epss 0.55
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the woof_text_search AJAX action. This makes it possible for unauthenticated…
- risk 0.68cvss 9.9epss 0.44
The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functionality that extends several page builders. This is due to the plugin…
- risk 0.68cvss 9.8epss 0.49
The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' function in all versions up to, and including, 6.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation…
- risk 0.68cvss 9.8epss 0.57
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to…
- risk 0.68cvss 9.8epss 0.51
The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.
- risk 0.68cvss 9.8epss 0.18
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.
- risk 0.68cvss 8.8epss 0.93
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to…
- risk 0.68cvss 9.8epss 0.48
The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users) which results…
- risk 0.68cvss 9.8epss 0.56
The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE
- risk 0.68cvss 9.8epss 0.53
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authentication to inject arbitrary…
- risk 0.68cvss 9.8epss 0.57
The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would…
- risk 0.68cvss 9.8epss 0.19
NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload
- risk 0.68cvss 10.0epss 0.39
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.
- risk 0.68cvss 9.8epss 0.21
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter.
- risk 0.68cvss 9.8epss 0.50
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
- risk 0.68cvss 9.8epss 0.19
SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.
- risk 0.68cvss 9.8epss 0.19
SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request.
- risk 0.68cvss 9.8epss 0.19
SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter.
- risk 0.68cvss 9.8epss 0.19
SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php.
- risk 0.68cvss 9.8epss 0.19
An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and…
- risk 0.68cvss 9.8epss 0.17
Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.
- risk 0.68cvss 9.8epss 0.12
Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
- risk 0.68cvss 9.8epss 0.13
Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
- risk 0.68cvss 9.8epss 0.11
Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
- risk 0.68cvss 9.8epss 0.98
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail…
- risk 0.68cvss 9.8epss 0.13
PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value
Page 2 of 655