Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin allows Privilege Escalation. This issue affects Miraculous Core Plugin: from n/a through 2.0.7. More information : https://patchstack.com/database/wordpress/plugin/miraculouscore/vulnerability/wordpress-miraculous-core-plugin-plugin-2-0-7-privilege-escalation-vulnerability?_s_id=cve
Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop File...
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in CocoBasic Neresa allows PHP Local File Inclusion. This issue affects Neresa: from n/a through 1.3. More information :...
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in imaprogrammer Custom Comment allows Stored XSS. This issue affects Custom Comment: from n/a through 2.1.6. More information : https://patchstack.com/database/wordpress/plugin/customcomment/vulnerability/wordpress-custom-comment-plugin-2-1-6-cross-site-scripting-xss-vulnerability-2?_s_id=cve
Server-Side Request Forgery (SSRF) vulnerability in vEnCa-X rajce allows Server Side Request Forgery. This issue affects rajce: from n/a through 0.4.2. More information : https://patchstack.com/database/wordpress/plugin/rajce/vulnerability/wordpress-rajce-plugin-0-4-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
Cross-Site Request Forgery (CSRF) vulnerability in Metin Saraç Popup for CF7 with Sweet Alert allows Cross Site Request Forgery. This issue affects Popup for CF7 with Sweet Alert: from n/a through 1.6.5. More information...
Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through 2.2.4. More information : https://patchstack.com/database/wordpress/plugin/hesabfa-accounting/vulnerability/wordpress-hesabfa-accounting-plugin-2-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Insertion of Sensitive Information Into Sent Data vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Retrieve Embedded Sensitive Data. This issue affects Hesabfa Accounting: from n/a through 2.2.4. More information : https://patchstack.com/database/wordpress/plugin/hesabfa-accounting/vulnerability/wordpress-hesabfa-accounting-plugin-2-2-4-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching allows Stored XSS. This issue affects Varnish/Nginx Proxy Caching: from n/a through 1.8.3. More information : https://patchstack.com/database/wordpress/plugin/vcaching/vulnerability/wordpress-varnish-nginx-proxy-caching-plugin-1-8-3-cross-site-scripting-xss-vulnerability?_s_id=cve
Cross-Site Request Forgery (CSRF) vulnerability in thaihavnn07 ATT YouTube Widget allows Stored XSS. This issue affects ATT YouTube Widget: from n/a through 1.0. More information : https://patchstack.com/database/wordpress/plugin/att-youtube/vulnerability/wordpress-att-youtube-widget-plugin-1-0-cross-site-request-forgery-csrf-to-stored-xss-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in everythingwp Risk Free Cash On Delivery (COD) – WooCommerce allows Stored XSS. This issue affects Risk Free Cash On Delivery (COD) –...
Cross-Site Request Forgery (CSRF) vulnerability in Theme Century Century ToolKit allows Cross Site Request Forgery. This issue affects Century ToolKit: from n/a through 1.2.1. More information : https://patchstack.com/database/wordpress/plugin/century-toolkit/vulnerability/wordpress-century-toolkit-plugin-1-2-1-cross-site-request-forgery-csrf-to-arbitrary-plugin-activation-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Isra Kanpress allows Stored XSS. This issue affects Kanpress: from n/a through 1.1. More information : https://patchstack.com/database/wordpress/plugin/kanpress/vulnerability/wordpress-kanpress-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Smart Widgets Better Post & Filter Widgets for Elementor allows Stored XSS. This issue affects Better Post & Filter Widgets for...