| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison alike allows Reflected XSS.This issue affects Alike - WordPress Custom Post Comparison: from n/a through <= 3.0.1. |
| Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic wp-optimize-by-xtraffic allows Object Injection.This issue affects WP Optimize By xTraffic: from n/a through <= 5.1.6. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CWD Web Designer Easy Elements Hider easy-elements-hider allows Stored XSS.This issue affects Easy Elements Hider: from n/a through <= 2.0. |
| Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hung Trang Si SB Breadcrumbs sb-breadcrumbs allows Reflected XSS.This issue affects SB Breadcrumbs: from n/a through <= 1.0. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in machouinard Aviation Weather from NOAA aviation-weather-from-noaa allows Path Traversal.This issue affects Aviation Weather from NOAA: from n/a through <= 0.7.2. |
| Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwin Plugin epicwin-subscribers allows SQL Injection.This issue affects Epicwin Plugin: from n/a through <= 1.5. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Reflected XSS.This issue affects WP Front User Submit / Front Editor: from n/a through <= 4.9.3. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Vicky snsvicky allows PHP Local File Inclusion.This issue affects SNS Vicky: from n/a through <= 3.7. |
| Missing Authorization vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Loops WP Integration: from n/a through <= 3.8.1. |
| Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support.This issue affects Majestic Support: from n/a through <= 1.1.0. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows SQL Injection.This issue affects Paid Member Subscriptions: from n/a through <= 2.15.1. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.5.2. |
| Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce drag-and-drop-file-upload-wc-pro allows Upload a Web Shell to a Web Server.This issue affects Drag and Drop Multiple File Upload (Pro) - WooCommerce: from n/a through <= 5.0.6. |
| WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization (PHP Object Injection). The weakness arises due to insufficient validation of user input in plugin endpoints, allowing crafted input to influence backend queries in unexpected ways. Using specially crafted payloads, this can escalate into unsafe deserialization, enabling arbitrary object injection in PHP. Although the issue is remotely exploitable without authentication, it does require a crafted interaction with the affected endpoint in order to trigger successfully. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in uxper Uxper Booking uxper-booking allows Blind SQL Injection.This issue affects Uxper Booking: from n/a through <= 1.3.3. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Uxper Booking uxper-booking allows PHP Local File Inclusion.This issue affects Uxper Booking: from n/a through <= 1.3.3. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n/a through <= 1.3.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection.This issue affects ServerBuddy by PluginBuddy.Com: from n/a through 1.0.5. |
| Missing Authorization vulnerability in jjlemstra Whydonate wp-whydonate allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Whydonate: from n/a through <= 4.0.15. |
