Improper Control of Generation of Code (‘Code Injection’) vulnerability in YayCommerce YayCurrency allows Code Injection. This issue affects YayCurrency: from n/a through 3.2. More information : https://patchstack.com/database/wordpress/plugin/yaycurrency/vulnerability/wordpress-yaycurrency-plugin-3-2-remote-code-execution-rce-vulnerability?_s_id=cve
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LambertGroup LambertGroup – AllInOne – Banner with Thumbnails allows Blind SQL Injection. This issue affects LambertGroup – AllInOne – Banner...
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jordy Meow Gallery Custom Links allows Stored XSS. This issue affects Gallery Custom Links: from n/a through 2.2.5. More information : https://patchstack.com/database/wordpress/plugin/gallery-custom-links/vulnerability/wordpress-gallery-custom-links-plugin-2-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in metaphorcreations Ditty allows Stored XSS. This issue affects Ditty: from n/a through 3.1.58. More information : https://patchstack.com/database/wordpress/plugin/ditty-news-ticker/vulnerability/wordpress-ditty-plugin-3-1-58-cross-site-scripting-xss-vulnerability?_s_id=cve
Missing Authorization vulnerability in Roxnor EmailKit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EmailKit: from n/a through 1.6.0. More information : https://patchstack.com/database/wordpress/plugin/emailkit/vulnerability/wordpress-emailkit-plugin-1-6-0-arbitrary-content-deletion-vulnerability?_s_id=cve
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LambertGroup LambertGroup – AllInOne – Banner with Playlist allows Blind SQL Injection. This issue affects LambertGroup – AllInOne – Banner...
Missing Authorization vulnerability in Jeff Farthing Theme My Login allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theme My Login: from n/a through 7.1.12. More information : https://patchstack.com/database/wordpress/plugin/theme-my-login/vulnerability/wordpress-theme-my-login-plugin-7-1-12-broken-access-control-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in awsm.in Embed Any Document allows Stored XSS. This issue affects Embed Any Document: from n/a through 2.7.7. More information : https://patchstack.com/database/wordpress/plugin/embed-any-document/vulnerability/wordpress-embed-any-document-plugin-2-7-7-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore allows Code Injection. This issue affects XStore: from n/a through 9.5.3. More information : https://patchstack.com/database/wordpress/theme/xstore/vulnerability/wordpress-xstore-theme-9-5-3-content-injection-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Woostify Woostify allows Stored XSS. This issue affects Woostify: from n/a through 2.4.2. More information : https://patchstack.com/database/wordpress/theme/woostify/vulnerability/wordpress-woostify-theme-2-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Syam Mohan WPFront User Role Editor allows Stored XSS. This issue affects WPFront User Role Editor: from n/a through 4.2.3. More information...
Missing Authorization vulnerability in CridioStudio ListingPro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through 2.9.8. More information : https://patchstack.com/database/wordpress/plugin/listingpro-plugin/vulnerability/wordpress-listingpro-plugin-2-9-8-broken-access-control-vulnerability?_s_id=cve
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through 3.3.24. More information : https://patchstack.com/database/wordpress/plugin/download-manager/vulnerability/wordpress-download-manager-plugin-3-3-24-sensitive-data-exposure-vulnerability?_s_id=cve
Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download Manager allows Cross Site Request Forgery. This issue affects Download Manager: from n/a through 3.3.24. More information : https://patchstack.com/database/wordpress/plugin/download-manager/vulnerability/wordpress-download-manager-plugin-3-3-24-cross-site-request-forgery-csrf-vulnerability?_s_id=cve