Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress allows Object Injection. This issue affects Employee Directory – Staff Listing & Team Directory Plugin for...
Missing Authorization vulnerability in honzat Page Manager for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Page Manager for Elementor: from n/a through 2.0.5. More information : https://patchstack.com/database/wordpress/plugin/page-manager-for-elementor/vulnerability/wordpress-page-manager-for-elementor-plugin-2-0-5-broken-access-control-vulnerability?_s_id=cve
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Unfoldwp Magazine Saga allows PHP Local File Inclusion. This issue affects Magazine Saga: from n/a through 1.2.7. More...
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in eboekhouden e-Boekhouden.nl allows Reflected XSS. This issue affects e-Boekhouden.nl: from n/a through 1.9.3. More information : https://patchstack.com/database/wordpress/plugin/e-boekhoudennl-connector/vulnerability/wordpress-e-boekhouden-nl-plugin-1-9-3-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Koen Schuit NextGEN Gallery Search allows Reflected XSS. This issue affects NextGEN Gallery Search: from n/a through 2.12. More information : https://patchstack.com/database/wordpress/plugin/nextgen-gallery-search-galleries/vulnerability/wordpress-nextgen-gallery-search-plugin-2-12-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in undoIT Theme Switcher Reloaded allows Reflected XSS. This issue affects Theme Switcher Reloaded: from n/a through 1.1. More information : https://patchstack.com/database/wordpress/plugin/theme-switcher-reloaded/vulnerability/wordpress-theme-switcher-reloaded-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in XmasB XmasB Quotes allows Reflected XSS. This issue affects XmasB Quotes: from n/a through 1.6.1. More information : https://patchstack.com/database/wordpress/plugin/xmasb-quotes/vulnerability/wordpress-xmasb-quotes-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ThemeUniver Glamer allows PHP Local File Inclusion. This issue affects Glamer: from n/a through 1.0.2. More information :...
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 8bitkid Yahoo! WebPlayer allows Reflected XSS. This issue affects Yahoo! WebPlayer: from n/a through 2.0.6. More information : https://patchstack.com/database/wordpress/plugin/yahoo-media-player/vulnerability/wordpress-yahoo-webplayer-plugin-2-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve
Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager allows Object Injection. This issue affects WP Funnel Manager: from n/a through 1.4.0. More information : https://patchstack.com/database/wordpress/plugin/wp-funnel-manager/vulnerability/wordpress-wp-funnel-manager-plugin-1-4-0-php-object-injection-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in favethemes Houzez allows Reflected XSS. This issue affects Houzez: from n/a through 4.1.1. More information : https://patchstack.com/database/wordpress/theme/houzez/vulnerability/wordpress-houzez-theme-4-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Favethemes Houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a before 4.1.4. More information : https://patchstack.com/database/wordpress/theme/houzez/vulnerability/wordpress-houzez-theme-4-1-1-local-file-inclusion-vulnerability?_s_id=cve
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in purethemes Listeo-Core allows SQL Injection. This issue affects Listeo-Core: from n/a through 1.9.32. More information : https://patchstack.com/database/wordpress/plugin/listeo-core/vulnerability/wordpress-listeo-core-plugin-1-9-32-sql-injection-vulnerability?_s_id=cve
Missing Authorization vulnerability in favethemes Houzez CRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Houzez CRM: from n/a through 1.4.7. More information : https://patchstack.com/database/wordpress/plugin/houzez-crm/vulnerability/wordpress-houzez-crm-plugin-1-4-7-broken-access-control-vulnerability?_s_id=cve