Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager allows Retrieve Embedded Sensitive Data. This issue affects WP Project Manager: from n/a through 2.6.25. More information : https://patchstack.com/database/wordpress/plugin/wedevs-project-manager/vulnerability/wordpress-wp-project-manager-plugin-2-6-25-sensitive-data-exposure-vulnerability?_s_id=cve
Cross-Site Request Forgery (CSRF) vulnerability in NIX Solutions Ltd NIX Anti-Spam Light allows Cross Site Request Forgery. This issue affects NIX Anti-Spam Light: from n/a through 0.0.4. More information : https://patchstack.com/database/wordpress/plugin/nix-anti-spam-light/vulnerability/wordpress-nix-anti-spam-light-plugin-0-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BuddyDev BuddyPress Notification Widget allows Stored XSS. This issue affects BuddyPress Notification Widget: from n/a through 1.3.3. More information : https://patchstack.com/database/wordpress/plugin/buddypress-notifications-widget/vulnerability/wordpress-buddypress-notification-widget-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in artbees JupiterX Core allows Stored XSS. This issue affects JupiterX Core: from n/a through 4.10.1. More information : https://patchstack.com/database/wordpress/plugin/jupiterx-core/vulnerability/wordpress-jupiterx-core-plugin-4-10-1-cross-site-scripting-xss-vulnerability?_s_id=cve
Missing Authorization vulnerability in nK Lazy Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lazy Blocks: from n/a through 4.1.0. More information : https://patchstack.com/database/wordpress/plugin/lazy-blocks/vulnerability/wordpress-lazy-blocks-plugin-4-1-0-broken-access-control-vulnerability?_s_id=cve
Cross-Site Request Forgery (CSRF) vulnerability in scriptsbundle Nokri allows Cross Site Request Forgery. This issue affects Nokri: from n/a through 1.6.4. More information : https://patchstack.com/database/wordpress/theme/nokri/vulnerability/wordpress-nokri-theme-1-6-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ronald Huereca Highlight and Share – Social Text and Image Sharing allows Stored XSS. This issue affects Highlight and Share – Social...
Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc Mavis HTTPS to HTTP Redirection allows Stored XSS. This issue affects Mavis HTTPS to HTTP Redirection: from n/a through 1.4.3. More information : https://patchstack.com/database/wordpress/plugin/mavis-https-to-http-redirect/vulnerability/wordpress-mavis-https-to-http-redirection-plugin-1-4-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Cross-Site Request Forgery (CSRF) vulnerability in wpdirectorykit Sweet Energy Efficiency allows Stored XSS. This issue affects Sweet Energy Efficiency: from n/a through 1.0.6. More information : https://patchstack.com/database/wordpress/plugin/sweet-energy-efficiency/vulnerability/wordpress-sweet-energy-efficiency-plugin-1-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Insertion of Sensitive Information Into Sent Data vulnerability in jetmonsters Getwid allows Retrieve Embedded Sensitive Data. This issue affects Getwid: from n/a through 2.1.2. More information : https://patchstack.com/database/wordpress/plugin/getwid/vulnerability/wordpress-getwid-plugin-2-1-2-sensitive-data-exposure-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rameez Iqbal Real Estate Manager allows DOM-Based XSS. This issue affects Real Estate Manager: from n/a through 7.3. More information : https://patchstack.com/database/wordpress/plugin/real-estate-manager/vulnerability/wordpress-real-estate-manager-plugin-7-3-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in dtbaker StylePress for Elementor allows Stored XSS. This issue affects StylePress for Elementor: from n/a through 1.2.1. More information : https://patchstack.com/database/wordpress/plugin/full-site-builder-for-elementor/vulnerability/wordpress-stylepress-for-elementor-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve
Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images allows Code Injection. This issue affects Custom Post Type Images: from n/a through 0.5. More information : https://patchstack.com/database/wordpress/plugin/custom-post-types-image/vulnerability/wordpress-custom-post-type-images-plugin-0-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jonathan Brinley DOAJ Export allows Stored XSS. This issue affects DOAJ Export: from n/a through 1.0.4. More information : https://patchstack.com/database/wordpress/plugin/doaj-export/vulnerability/wordpress-doaj-export-plugin-1-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve