Medium
CVE-2023-0499
The QuickSwish WordPress plugin before 1.1.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via…
Tag: WordPress
All CVEs associated with "WordPress". Page 103/152 • 18158 CVEs.
Subscribe CVEs: RSS for “WordPress” · RSS (High+Critical only)
About “WordPress”
A curated feed of “WordPress”-related CVEs appears below. We currently track 18158 CVEs for this tag (all time). In the last 365 days, 4096 were published. Average CVSS is 6.3 (all time; 6.3 over 365d), and 27% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-862 - Missing Authorization, CWE-352 - Cross-Site Request Forgery (CSRF).
In our taxonomy this topic maps to a MODERATE impact class. CMS and plugins expand attack surface. Patch core, themes, and plugins, remove abandoned extensions, restrict admin access, enable WAF, and keep backups. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2023-03-27
Medium
CVE-2023-0498
The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog vi…
Medium
CVE-2023-0497
The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog vi…
Medium
CVE-2023-0496
The HT Event WordPress plugin before 1.4.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a…
Medium
CVE-2023-0495
The HT Slider For Elementor WordPress plugin before 1.4.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on…
Medium
CVE-2023-0491
The Schedulicity WordPress plugin through 2.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow…
Medium
CVE-2023-0484
The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in a…
Medium
CVE-2023-0467
The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where…
High
CVE-2023-0441
The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions,…
Medium
CVE-2023-0395
The menu shortcode WordPress plugin through 1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users wit…
Medium
CVE-2023-0336
The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment.
Medium
CVE-2023-0335
The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment.
Medium
CVE-2023-0272
The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow us…
High
CVE-2020-36666
The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress…
High
CVE-2022-47146
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contempoinc Real Estate 7 WordPress theme <= 3.3.1 versions.
Medium
CVE-2022-30705
Cross-Site Request Forgery (CSRF) vulnerability in Pankaj Jha WordPress Ping Optimizer plugin <= 2.35.1.2.3 versions.
2023-03-23
Medium
CVE-2023-26008
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay D'Souza Top 10 – Popular posts plugin for WordPress plugin <= 3.2.4 versions.
High
CVE-2022-47145
Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7 versions.
2023-03-22
Critical
CVE-2023-28667
The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure deserialization issue. The tve_labels parameter of the tve_api_form_submit action is passed to the PH…
Medium
CVE-2023-28666
The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which ca…
Medium
CVE-2023-28665
The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can onl…
Medium
CVE-2023-28664
The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflected cross-site scripting vulnerability in the 'tax_name' parameter of the mdf_get_tax_options_in_widg…
High
CVE-2023-28663
The Formidable PRO2PDF WordPress Plugin, version < 3.11, is affected by an authenticated SQL injection vulnerability in the ‘fieldmap’ parameter in the fpropdf_export_file action.
Critical
CVE-2023-28662
The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_…
High
CVE-2023-28661
The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action.
High
CVE-2023-28660
The Events Made Easy WordPress Plugin, version <= 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'search_name' parameter in the eme_recurrences_list action.
High
CVE-2023-28659
The Waiting: One-click Countdowns WordPress Plugin, version <= 0.6.2, is affected by an authenticated SQL injection vulnerability in the pbc_down[meta][id] parameter of the pbc_save_downs action.
2023-03-21
High
CVE-2012-10009
A vulnerability was found in 404like Plugin up to 1.0.2 on WordPress. It has been classified as critical. Affected is the function checkPage of the file 404Like.php. The manipulation of the argument…
2023-03-20
High
CVE-2023-0940
The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subs…
Medium
CVE-2023-0937
The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-…
Medium
CVE-2023-0911
The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as s…
Medium
CVE-2023-0890
The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user…
Medium
CVE-2023-0876
The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability.
High
CVE-2023-0875
The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users.
High
CVE-2023-0865
The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request,…
High
CVE-2023-0631
The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.
High
CVE-2023-0630
The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.
Medium
CVE-2023-0370
The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could…
Medium
CVE-2023-0369
The GoToWP WordPress plugin through 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow user…
Medium
CVE-2023-0365
The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allo…
Medium
CVE-2023-0364
The real.Kit WordPress plugin before 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow use…
High
CVE-2023-0340
The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via…
Medium
CVE-2023-0273
The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, whic…
Medium
CVE-2023-0175
The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortc…
Medium
CVE-2023-0167
The GetResponse for WordPress plugin through 5.5.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could…
Medium
CVE-2023-0145
The Saan World Clock WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could al…
Medium
CVE-2022-4148
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscribe…
Medium
CVE-2022-3894
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which…
2023-03-17
Medium
CVE-2023-1472
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation o…
High
CVE-2023-1471
The WP Popup Banners plugin for WordPress is vulnerable to SQL Injection via the 'banner_id' parameter in versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parame…
Medium
CVE-2023-1470
The eCommerce Product Catalog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 3.3.8 due to insufficient input s…
Medium
CVE-2023-1469
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input saniti…
High
CVE-2023-1172
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping.…
2023-03-16
Medium
CVE-2023-1431
The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publi…
2023-03-15
Medium
CVE-2023-25708
Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin <= 8.2.7 versions.
2023-03-14
Low
CVE-2022-47163
Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database – Insert CSV file content into WordPress plugin <= 2.6 versions.
2023-03-13
Medium
CVE-2023-0844
The Namaste! LMS WordPress plugin before 2.6 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks eve…
Medium
CVE-2023-0772
The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as su…
Medium
CVE-2023-0749
The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve th…
Medium
CVE-2023-0538
The Campaign URL Builder WordPress plugin before 1.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which cou…
High
CVE-2023-0477
The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP file…
Medium
CVE-2023-0219
The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks (XSS) when an administrator views the email logs. T…
Medium
CVE-2023-0172
The Juicer WordPress plugin before 1.11 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users…
Medium
CVE-2023-0073
The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which co…
Medium
CVE-2023-0066
The Companion Sitemap Generator WordPress plugin through 4.5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,…
Critical
CVE-2023-0037
The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauth…
Medium
CVE-2022-4661
The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shor…
Medium
CVE-2022-4652
The Video Background WordPress plugin before 2.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could a…
Medium
CVE-2022-4466
The WordPress Infinite Scroll WordPress plugin before 5.6.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, wh…
Medium
CVE-2023-1374
The Solidres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'currency_name' parameter in versions up to, and including, 0.9.4 due to insufficient input sanitization and out…
High
CVE-2023-1372
The WH Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters such as wh_homepage, wh_text_short, wh_text_full and in versions up to, and including, 3.…
2023-03-11
Low
CVE-2013-10021
A vulnerability was found in dd32 Debug Bar Plugin up to 0.8 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function render of the file panels/class-debug-ba…
2023-03-10
Medium
CVE-2023-1346
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation o…
Medium
CVE-2023-1345
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation o…
Medium
CVE-2023-1344
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation o…
Medium
CVE-2023-1343
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation o…
Medium
CVE-2023-1342
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation o…
Medium
CVE-2023-1341
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation o…
Medium
CVE-2023-1340
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation o…
Medium
CVE-2023-1339
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and in…
Medium
CVE-2023-1338
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and inclu…
Medium
CVE-2023-1337
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including…
Medium
CVE-2023-1336
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and incl…
Medium
CVE-2023-1335
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and…
Medium
CVE-2023-1334
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and inclu…
Medium
CVE-2023-1333
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and includ…
Medium
CVE-2014-125093
A vulnerability has been found in Ad Blocking Detector Plugin up to 1.2.1 on WordPress and classified as problematic. This vulnerability affects unknown code of the file ad-blocking-detector.php. The…
Low
CVE-2013-10020
A vulnerability, which was classified as problematic, was found in MMDeveloper A Forms Plugin up to 1.4.2 on WordPress. This affects an unknown part of the file a-forms.php. The manipulation leads to…
2023-03-07
Medium
CVE-2023-1263
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenti…
Medium
CVE-2020-36670
The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions.…
Medium
CVE-2022-4932
The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeat_received() function that…
Medium
CVE-2022-4931
The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeat_received() function that…
Medium
CVE-2021-4333
The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() functio…
Medium
CVE-2021-4332
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" t…
High
CVE-2021-4331
The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elem…
Medium
CVE-2015-10087
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown function…
High
CVE-2021-4330
The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files…
High
CVE-2020-36669
The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the ba…
Medium
CVE-2020-36668
The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking…
Medium
CVE-2020-36667
The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability chec…
2023-03-06
Low
CVE-2015-10095
A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2 on WordPress. This affects an unknown part of the file admin/class-woo-popup-admin.php. The manipulation leads…
Low
CVE-2015-10094
A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argu…
Medium
CVE-2023-0377
The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could all…
Medium
CVE-2023-0328
The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can e…
Medium
CVE-2023-0212
The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which…
Medium
CVE-2023-0165
The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could all…
Medium
CVE-2023-0078
The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attack…
Medium
CVE-2023-0076
The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could…
Medium
CVE-2023-0069
The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which coul…
Medium
CVE-2023-0068
The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the sho…
Medium
CVE-2023-0065
The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could al…
Medium
CVE-2023-0064
The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortco…
Medium
CVE-2023-0063
The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which c…
Critical
CVE-2022-4328
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the se…
High
CVE-2022-4265
The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks CSRF check in th…
Low
CVE-2015-10093
A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plu…
Low
CVE-2015-10092
A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16 on WordPress. It has been classified as problematic. Affected is the function add_slug_meta_box of the file includes/class-qtranslate-…
Low
CVE-2015-10090
A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to…
2023-03-05
Low
CVE-2014-125092
A vulnerability was found in MaxButtons Plugin up to 1.26.0 on WordPress and classified as problematic. This issue affects the function maxbuttons_strip_px of the file includes/maxbuttons-button.php.…
Low
CVE-2006-10001
A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manip…