Vendor CVEs
Wpmudev
All CVEs
49 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-4596 | Cri | 0.64 | 9.8 | 0.13 | Aug 30, 2023 | The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated… | ||
| CVE-2017-8558 | Hig | 0.57 | 7.8 | 0.44 | Jun 29, 2017 | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703… | ||
| CVE-2026-39466 | Hig | 0.49 | 7.6 | 0.00 | Apr 8, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Broken Link Checker broken-link-checker allows Blind SQL Injection.This issue affects Broken Link Checker: from n/a through <=… | ||
| CVE-2025-67962 | Hig | 0.49 | 7.6 | 0.00 | Dec 16, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection.This issue affects Broken Link Checker: from n/a through <= 1.2.6. | ||
| CVE-2024-0368 | Hig | 0.49 | 8.6 | 0.01 | Mar 13, 2024 | The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data… | ||
| CVE-2017-15079 | Hig | 0.49 | 7.5 | 0.03 | Oct 6, 2017 | The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. | ||
| CVE-2024-1794 | Hig | 0.47 | 7.2 | 0.01 | Apr 9, 2024 | The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. 3gpp file) in all versions up to, and including, 1.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to… | ||
| CVE-2024-29777 | Hig | 0.46 | 7.1 | 0.00 | Mar 27, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator.This issue affects Forminator: from n/a through <= 1.29.0. | ||
| CVE-2026-6214 | Med | 0.42 | 6.5 | 0.00 | May 7, 2026 | The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listen_for_saving_export_schedule() function in library/class-export.php failing to perform a capability check before saving the scheduled… | ||
| CVE-2022-2438 | Hig | 0.40 | 7.2 | 0.01 | Sep 6, 2022 | The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a… | ||
| CVE-2024-37239 | Med | 0.38 | 5.9 | 0.00 | Jul 22, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Branda branda-white-labeling.This issue affects Branda: from n/a through <= 3.4.17. | ||
| CVE-2024-25592 | Med | 0.38 | 5.9 | 0.00 | Mar 15, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Broken Link Checker allows Stored XSS.This issue affects Broken Link Checker: from n/a through 2.2.3. | ||
| CVE-2023-6133 | Med | 0.36 | 6.6 | 0.01 | Nov 15, 2023 | The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. This makes it possible for authenticated attackers with administrator-level… | ||
| CVE-2024-5191 | Med | 0.35 | 6.4 | 0.00 | Jun 21, 2024 | The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This… | ||
| CVE-2024-3053 | Med | 0.35 | 6.4 | 0.00 | Apr 9, 2024 | The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output… | ||
| CVE-2023-51490 | Med | 0.35 | 5.3 | 0.00 | Jan 8, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0. | ||
| CVE-2026-32409 | Med | 0.34 | 5.3 | 0.00 | Mar 13, 2026 | Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Forminator: from n/a through <= 1.50.2. | ||
| CVE-2026-24998 | Med | 0.34 | 5.3 | 0.00 | Feb 3, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data.This issue affects Hustle: from n/a through <= 7.8.9.2. | ||
| CVE-2024-37444 | Med | 0.34 | 5.3 | 0.01 | Nov 1, 2024 | Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Defender Security defender-security.This issue affects Defender Security: from n/a through <= 4.7.1. | ||
| CVE-2024-6554 | Med | 0.34 | 5.3 | 0.00 | Jul 11, 2024 | The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.18. This is due the plugin utilizing composer without preventing direct access to the files. This makes it… | ||
| CVE-2023-51542 | Med | 0.34 | 5.3 | 0.00 | Jun 4, 2024 | Authentication Bypass by Spoofing vulnerability in WPMU DEV Branda allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Branda: from n/a through 3.4.14. | ||
| CVE-2015-5057 | Med | 0.33 | 6.1 | 0.01 | Aug 18, 2017 | Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. | ||
| CVE-2025-11734 | Med | 0.28 | 5.4 | 0.00 | Nov 18, 2025 | The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization in all versions up to, and including, 1.2.5. This is due to the plugin registering a REST API… | ||
| CVE-2024-43118 | Med | 0.28 | 4.3 | 0.01 | Nov 1, 2024 | Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hummingbird hummingbird-performance.This issue affects Hummingbird: from n/a through <= 3.9.1. | ||
| CVE-2024-43117 | Med | 0.28 | 4.3 | 0.00 | Aug 26, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hummingbird hummingbird-performance.This issue affects Hummingbird: from n/a through <= 3.9.1. | ||
| CVE-2024-32792 | Med | 0.28 | 4.3 | 0.00 | Jun 9, 2024 | Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hummingbird hummingbird-performance.This issue affects Hummingbird: from n/a through <= 3.7.3. | ||
| CVE-2021-4425 | Med | 0.28 | 4.3 | 0.01 | Jul 12, 2023 | The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to… | ||
| CVE-2021-4417 | Med | 0.28 | 5.4 | 0.00 | Jul 12, 2023 | The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4. This is due to missing or incorrect nonce validation on the listen_for_saving_export_schedule()… | ||
| CVE-2026-2729 | Med | 0.27 | 5.3 | 0.00 | May 5, 2026 | The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to perform an action when processing attacker-supplied Stripe PaymentIntent… | ||
| CVE-2025-22288 | Med | 0.27 | 4.1 | 0.00 | Nov 6, 2025 | Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal.This issue affects Smush Image Compression and Optimization: from n/a through <= 3.17.0. | ||
| CVE-2025-4047 | Med | 0.21 | 4.3 | 0.00 | Jun 3, 2025 | The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers,… | ||
| CVE-2023-5089 | 0.07 | — | 0.02 | Oct 16, 2023 | The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled. | |||
| CVE-2024-8492 | 0.00 | — | 0.00 | May 15, 2025 | The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||
| CVE-2025-3479 | 0.00 | — | 0.00 | Apr 17, 2025 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 1.42.0 via the 'handle_stripe_single' function due to insufficient validation on a user controlled key. This makes… | |||
| CVE-2025-3487 | 0.00 | — | 0.00 | Apr 17, 2025 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ parameter in all versions up to, and including, 1.42.0 due to insufficient input sanitization and output escaping. This… | |||
| CVE-2024-7389 | 0.00 | — | 0.01 | Aug 2, 2024 | The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API… | |||
| CVE-2023-47189 | 0.00 | — | 0.00 | Jun 4, 2024 | Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.2.0. | |||
| CVE-2024-25595 | 0.00 | — | 0.00 | May 17, 2024 | Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass.This issue affects Defender Security: from n/a through 4.4.1. | |||
| CVE-2022-44581 | 0.00 | — | 0.01 | May 17, 2024 | Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2. | |||
| CVE-2024-31857 | 0.00 | — | 0.01 | Apr 23, 2024 | Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote attacker may obtain user information etc. and alter the page contents on the user's web browser. | |||
| CVE-2024-20671 | 0.00 | — | 0.01 | Mar 12, 2024 | Microsoft Defender Security Feature Bypass Vulnerability | |||
| CVE-2023-36010 | 0.00 | — | 0.03 | Dec 12, 2023 | Microsoft Defender Denial of Service Vulnerability | |||
| CVE-2023-24934 | 0.00 | — | 0.01 | Apr 14, 2023 | Microsoft Defender Security Feature Bypass Vulnerability | |||
| CVE-2023-1478 | 0.00 | — | 0.01 | Apr 10, 2023 | The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module. | |||
| CVE-2022-0994 | 0.00 | — | 0.03 | Apr 18, 2022 | The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||
| CVE-2022-23604 | 0.00 | — | 0.01 | Feb 15, 2022 | x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation. A vulnerability in the Defender cog prior to version 1.10.0 allows users with admin privileges to issue commands as other users… | |||
| CVE-2021-42298 | 0.00 | — | 0.05 | Nov 10, 2021 | Microsoft Defender Remote Code Execution Vulnerability | |||
| CVE-2021-34464 | 0.00 | — | 0.03 | Jul 16, 2021 | Microsoft Defender Remote Code Execution Vulnerability | |||
| CVE-2021-24092 | 0.00 | — | 0.01 | Feb 25, 2021 | Microsoft Defender Elevation of Privilege Vulnerability |
- risk 0.64cvss 9.8epss 0.13
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated…
- risk 0.57cvss 7.8epss 0.44
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703…
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Broken Link Checker broken-link-checker allows Blind SQL Injection.This issue affects Broken Link Checker: from n/a through <=…
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection.This issue affects Broken Link Checker: from n/a through <= 1.2.6.
- risk 0.49cvss 8.6epss 0.01
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data…
- risk 0.49cvss 7.5epss 0.03
The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.
- risk 0.47cvss 7.2epss 0.01
The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. 3gpp file) in all versions up to, and including, 1.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator.This issue affects Forminator: from n/a through <= 1.29.0.
- risk 0.42cvss 6.5epss 0.00
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listen_for_saving_export_schedule() function in library/class-export.php failing to perform a capability check before saving the scheduled…
- risk 0.40cvss 7.2epss 0.01
The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a…
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Branda branda-white-labeling.This issue affects Branda: from n/a through <= 3.4.17.
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Broken Link Checker allows Stored XSS.This issue affects Broken Link Checker: from n/a through 2.2.3.
- risk 0.36cvss 6.6epss 0.01
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. This makes it possible for authenticated attackers with administrator-level…
- risk 0.35cvss 6.4epss 0.00
The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This…
- risk 0.35cvss 6.4epss 0.00
The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output…
- risk 0.35cvss 5.3epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Forminator: from n/a through <= 1.50.2.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data.This issue affects Hustle: from n/a through <= 7.8.9.2.
- risk 0.34cvss 5.3epss 0.01
Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Defender Security defender-security.This issue affects Defender Security: from n/a through <= 4.7.1.
- risk 0.34cvss 5.3epss 0.00
The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.18. This is due the plugin utilizing composer without preventing direct access to the files. This makes it…
- risk 0.34cvss 5.3epss 0.00
Authentication Bypass by Spoofing vulnerability in WPMU DEV Branda allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Branda: from n/a through 3.4.14.
- risk 0.33cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed.
- risk 0.28cvss 5.4epss 0.00
The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization in all versions up to, and including, 1.2.5. This is due to the plugin registering a REST API…
- risk 0.28cvss 4.3epss 0.01
Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hummingbird hummingbird-performance.This issue affects Hummingbird: from n/a through <= 3.9.1.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hummingbird hummingbird-performance.This issue affects Hummingbird: from n/a through <= 3.9.1.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hummingbird hummingbird-performance.This issue affects Hummingbird: from n/a through <= 3.7.3.
- risk 0.28cvss 4.3epss 0.01
The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to…
- risk 0.28cvss 5.4epss 0.00
The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4. This is due to missing or incorrect nonce validation on the listen_for_saving_export_schedule()…
- risk 0.27cvss 5.3epss 0.00
The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to perform an action when processing attacker-supplied Stripe PaymentIntent…
- risk 0.27cvss 4.1epss 0.00
Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal.This issue affects Smush Image Compression and Optimization: from n/a through <= 3.17.0.
- risk 0.21cvss 4.3epss 0.00
The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers,…
- CVE-2023-5089Oct 16, 2023risk 0.07cvss —epss 0.02
The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.
- CVE-2024-8492May 15, 2025risk 0.00cvss —epss 0.00
The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
- CVE-2025-3479Apr 17, 2025risk 0.00cvss —epss 0.00
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 1.42.0 via the 'handle_stripe_single' function due to insufficient validation on a user controlled key. This makes…
- CVE-2025-3487Apr 17, 2025risk 0.00cvss —epss 0.00
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ parameter in all versions up to, and including, 1.42.0 due to insufficient input sanitization and output escaping. This…
- CVE-2024-7389Aug 2, 2024risk 0.00cvss —epss 0.01
The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API…
- CVE-2023-47189Jun 4, 2024risk 0.00cvss —epss 0.00
Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.2.0.
- CVE-2024-25595May 17, 2024risk 0.00cvss —epss 0.00
Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass.This issue affects Defender Security: from n/a through 4.4.1.
- CVE-2022-44581May 17, 2024risk 0.00cvss —epss 0.01
Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2.
- CVE-2024-31857Apr 23, 2024risk 0.00cvss —epss 0.01
Forminator prior to 1.15.4 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote attacker may obtain user information etc. and alter the page contents on the user's web browser.
- CVE-2024-20671Mar 12, 2024risk 0.00cvss —epss 0.01
Microsoft Defender Security Feature Bypass Vulnerability
- CVE-2023-36010Dec 12, 2023risk 0.00cvss —epss 0.03
Microsoft Defender Denial of Service Vulnerability
- CVE-2023-24934Apr 14, 2023risk 0.00cvss —epss 0.01
Microsoft Defender Security Feature Bypass Vulnerability
- CVE-2023-1478Apr 10, 2023risk 0.00cvss —epss 0.01
The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module.
- CVE-2022-0994Apr 18, 2022risk 0.00cvss —epss 0.03
The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
- CVE-2022-23604Feb 15, 2022risk 0.00cvss —epss 0.01
x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation. A vulnerability in the Defender cog prior to version 1.10.0 allows users with admin privileges to issue commands as other users…
- CVE-2021-42298Nov 10, 2021risk 0.00cvss —epss 0.05
Microsoft Defender Remote Code Execution Vulnerability
- CVE-2021-34464Jul 16, 2021risk 0.00cvss —epss 0.03
Microsoft Defender Remote Code Execution Vulnerability
- CVE-2021-24092Feb 25, 2021risk 0.00cvss —epss 0.01
Microsoft Defender Elevation of Privilege Vulnerability