Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.4.8. More information : https://patchstack.com/database/wordpress/plugin/mage-eventpress/vulnerability/wordpress-wpevently-plugin-4-4-8-php-object-injection-vulnerability?_s_id=cve
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster allows Authentication Abuse. This issue affects Jobmonster: from n/a through 4.7.9. More information : https://patchstack.com/database/wordpress/theme/noo-jobmonster/vulnerability/wordpress-jobmonster-theme-4-7-9-broken-authentication-vulnerability?_s_id=cve
Missing Authorization vulnerability in bPlugins B Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B Slider: from n/a through 1.1.30. More information : https://patchstack.com/database/wordpress/plugin/b-slider/vulnerability/wordpress-b-slider-plugin-1-1-30-broken-access-control-vulnerability?_s_id=cve
Missing Authorization vulnerability in Miles All Bootstrap Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects All Bootstrap Blocks: from n/a through 1.3.28. More information : https://patchstack.com/database/wordpress/plugin/all-bootstrap-blocks/vulnerability/wordpress-all-bootstrap-blocks-plugin-1-3-28-broken-access-control-vulnerability?_s_id=cve
Improper Control of Generation of Code (‘Code Injection’) vulnerability in emarket-design YouTube Showcase allows Object Injection. This issue affects YouTube Showcase: from n/a through 3.5.1. More information : https://patchstack.com/database/wordpress/plugin/youtube-showcase/vulnerability/wordpress-youtube-showcase-plugin-3-5-1-php-object-injection-vulnerability?_s_id=cve
Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo allows Authentication Abuse. This issue affects Golo: from n/a through 1.7.0. More information : https://patchstack.com/database/wordpress/theme/golo/vulnerability/wordpress-golo-theme-1-7-0-broken-authentication-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in uxper Golo allows Reflected XSS. This issue affects Golo: from n/a through 1.7.1. More information : https://patchstack.com/database/wordpress/theme/golo/vulnerability/wordpress-golo-theme-1-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in SteelThemes Nest Addons allows SQL Injection. This issue affects Nest Addons: from n/a through 1.6.3. More information : https://patchstack.com/database/wordpress/plugin/nest-addons/vulnerability/wordpress-nest-addons-plugin-1-6-3-sql-injection-vulnerability?_s_id=cve
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ovatheme Ireca allows PHP Local File Inclusion. This issue affects Ireca: from n/a through 1.8.5. More information :...
Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zephyr Project Manager: from n/a through 3.3.201. More information : https://patchstack.com/database/wordpress/plugin/zephyr-project-manager/vulnerability/wordpress-zephyr-project-manager-plugin-3-3-201-broken-access-control-vulnerability?_s_id=cve
Missing Authorization vulnerability in bPlugins Tiktok Feed allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Tiktok Feed: from n/a through 1.0.21. More information : https://patchstack.com/database/wordpress/plugin/b-tiktok-feed/vulnerability/wordpress-tiktok-feed-plugin-1-0-21-broken-access-control-vulnerability?_s_id=cve
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in extendons WooCommerce csv import export allows Path Traversal. This issue affects WooCommerce csv import export: from n/a through 2.0.6. More information...
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Dmitry V. (CEO of “UKR Solution”) UPC/EAN/GTIN Code Generator allows Path Traversal. This issue affects UPC/EAN/GTIN Code Generator: from n/a through...
Deserialization of Untrusted Data vulnerability in emarket-design WP Ticket Customer Service Software & Support Ticket System allows Object Injection. This issue affects WP Ticket Customer Service Software & Support Ticket System: from n/a through...