VYPR

Vendor CVEs

WordPress

All CVEs

32,709 total · sorted by risk
  • CVE-2024-49607CriOct 20, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in redhopit WP Dropbox Dropins wp-dropbox-dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through <= 1.0.

  • CVE-2024-49330CriOct 20, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds nicebackgrounds allows Upload a Web Shell to a Web Server.This issue affects Nice Backgrounds: from n/a through <= 1.0.

  • CVE-2024-49329CriOct 20, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through <= 1.0.0.

  • CVE-2024-49327CriOct 20, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in bepitulaz Woostagram Connect woostagram-connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through <= 1.0.2.

  • CVE-2024-49326CriOct 20, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Vasileios Kerasiotis Affiliator affiliator-lite allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through <= 2.1.3.

  • CVE-2024-49324CriOct 20, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in sovratecdev Sovratec Case Management sovratec-case-management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through <= 1.0.0.

  • CVE-2024-49611CriOct 20, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in paxmanpwnz Product Website Showcase product-websites-showcase allows Upload a Web Shell to a Web Server.This issue affects Product Website Showcase: from n/a through <= 1.0.

  • CVE-2024-49314CriOct 17, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program jiangqie-free-mini-program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through <= 2.5.2.

  • CVE-2024-49291CriOct 17, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0.

  • CVE-2024-49254CriOct 16, 2024
    risk 0.65cvss 10.0epss 0.01

    Improper Control of Generation of Code ('Code Injection') vulnerability in sunjianle ajax-extend ajax-extend allows Code Injection.This issue affects ajax-extend: from n/a through <= 1.0.

  • CVE-2024-49242CriOct 16, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery digital-lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through <= 3.0.5.

  • CVE-2024-49216CriOct 16, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in jclay06 Feed Comments Number feed-comments-number allows Upload a Web Shell to a Web Server.This issue affects Feed Comments Number: from n/a through <= 0.2.1.

  • CVE-2024-49257CriOct 16, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting azz-anonim-posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through <= 0.9.

  • CVE-2024-9234CriOct 11, 2024
    risk 0.65cvss 9.8epss 0.10

    The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API…

  • CVE-2024-8940CriSep 25, 2024
    risk 0.65cvss 10.0epss 0.01

    Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to the server due to the…

  • CVE-2024-43955CriAug 29, 2024
    risk 0.65cvss 10.0epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1.

  • CVE-2024-43918CriAug 29, 2024
    risk 0.65cvss 10.0epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.This issue affects WBW Product Table PRO: from n/a through 1.9.4.

  • CVE-2024-43917CriAug 29, 2024
    risk 0.65cvss 9.3epss 0.22

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2.

  • CVE-2024-7854CriAug 21, 2024
    risk 0.65cvss 10.0epss 0.04

    The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient preparation on the existing SQL query. This makes it possible for…

  • CVE-2024-37099CriAug 19, 2024
    risk 0.65cvss 10.0epss 0.01

    Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.14.1.

  • CVE-2024-6500CriAug 17, 2024
    risk 0.65cvss 10.0epss 0.01

    The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parse_request' function in all versions up to, and including, 1.4.0 (for InPost for WooCommerce) as well as…

  • CVE-2024-43160CriAug 13, 2024
    risk 0.65cvss 10.0epss 0.05

    Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.This issue affects BerqWP: from n/a through 1.7.6.

  • CVE-2024-6457CriJul 16, 2024
    risk 0.65cvss 9.8epss 0.20

    The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ‘woof_author’ parameter in all versions up to, and including, 1.3.6 due to insufficient escaping on the user supplied parameter and lack of…

  • CVE-2024-37112CriJul 9, 2024
    risk 0.65cvss 10.0epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7.

  • CVE-2024-37228CriJun 24, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.38.

  • CVE-2024-3605CriJun 20, 2024
    risk 0.65cvss 10.0epss 0.04

    The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of…

  • CVE-2024-3105CriJun 15, 2024
    risk 0.65cvss 9.9epss 0.03

    The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to…

  • CVE-2024-35746CriJun 10, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through 2.1.4.2.

  • CVE-2024-3820CriJun 1, 2024
    risk 0.65cvss 10.0epss 0.01

    The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to SQL Injection via the 'id_key' parameter of the wdt_delete_table_row AJAX action in all versions up to, and including, 6.3.1 due to insufficient escaping on the…

  • CVE-2024-3495CriMay 22, 2024
    risk 0.65cvss 9.8epss 0.14

    The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing…

  • CVE-2024-32809CriMay 17, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files.This issue affects ActiveDEMAND: from n/a through 0.2.41.

  • CVE-2024-31351CriMay 17, 2024
    risk 0.65cvss 10.0epss 0.02

    Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6.

  • CVE-2024-34555CriMay 14, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads.This issue affects Z-Downloads: from n/a through 1.11.3.

  • CVE-2024-32700CriMay 14, 2024
    risk 0.65cvss 10.0epss 0.03

    Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress.This issue affects Kognetiks Chatbot for WordPress: from n/a through 2.0.0.

  • CVE-2024-31377CriMay 14, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.7.01.001.

  • CVE-2024-33566CriApr 29, 2024
    risk 0.65cvss 10.0epss 0.01

    Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4.

  • CVE-2024-32599CriApr 18, 2024
    risk 0.65cvss 10.0epss 0.01

    Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy Content Generator wp-dummy-content-generator.This issue affects WP Dummy Content Generator: from n/a through <= 3.2.1.

  • CVE-2024-2879CriApr 3, 2024
    risk 0.65cvss 9.8epss 0.18

    The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible…

  • CVE-2024-31115CriMar 31, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 7.2.

  • CVE-2024-30510CriMar 29, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 9.5.

  • CVE-2024-30225CriMar 28, 2024
    risk 0.65cvss 10.0epss 0.01

    Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10.

  • CVE-2024-30224CriMar 28, 2024
    risk 0.65cvss 10.0epss 0.01

    Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2.

  • CVE-2023-49815CriMar 27, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3.

  • CVE-2023-48777CriMar 26, 2024
    risk 0.65cvss 9.9epss 0.04

    Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.

  • CVE-2023-23656CriMar 26, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1.

  • CVE-2024-27957CriMar 17, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.This issue affects Pie Register: from n/a through 3.8.3.1.

  • CVE-2023-6825CriMar 13, 2024
    risk 0.65cvss 9.9epss 0.06

    The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function.…

  • CVE-2024-25925CriFeb 26, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12.

  • CVE-2024-25913CriFeb 26, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.

  • CVE-2024-25100CriFeb 12, 2024
    risk 0.65cvss 10.0epss 0.01

    Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program allows Object Injection.This issue affects Coupon Referral Program: from n/a before 1.8.4.

Page 7 of 655