Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ruben Garcia AutomatorWP allows SQL Injection.This issue affects AutomatorWP: from n/a through 5.2.4. More information : https://vdp.patchstack.com/database/wordpress/plugin/automatorwp/vulnerability/wordpress-automatorwp-plugin-5-2-4-sql-injection-vulnerability?_s_id=cve
Improper input validation at one of the endpoints of Eaton xComfort ECI’s web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersecurity standards continue to evolve...
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Thembay Diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through 1.3.15. More information : https://vdp.patchstack.com/database/wordpress/theme/diza/vulnerability/wordpress-diza-theme-1-3-15-local-file-inclusion-vulnerability?_s_id=cve
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Thembay Nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through 1.2.14. More information : https://vdp.patchstack.com/database/wordpress/theme/nika/vulnerability/wordpress-nika-theme-1-2-14-local-file-inclusion-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebCodingPlace Responsive Posts Carousel Pro allows Stored XSS.This issue affects Responsive Posts Carousel Pro: from n/a through 15.2. More information : https://vdp.patchstack.com/database/wordpress/plugin/responsive-posts-carousel-pro/vulnerability/wordpress-responsive-posts-carousel-pro-plugin-15-2-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in VillaTheme WPBulky allows Blind SQL Injection.This issue affects WPBulky: from n/a through 1.1.13. More information : https://vdp.patchstack.com/database/wordpress/plugin/wpbulky-wp-bulk-edit-post-types/vulnerability/wordpress-wpbulky-plugin-1-1-13-sql-injection-vulnerability?_s_id=cve
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vikas Ratudi VPSUForm allows Retrieve Embedded Sensitive Data.This issue affects VPSUForm: from n/a through 3.2.24. More information : https://vdp.patchstack.com/database/wordpress/plugin/v-form/vulnerability/wordpress-vpsuform-plugin-3-2-24-sensitive-data-exposure-vulnerability?_s_id=cve
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘register_form’ and ‘restrict’ shortcodes in all versions up to, and including, 3.2.15 due to insufficient input...
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha_page_custom_js’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping....
The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘get_template_content’ function in all versions...
The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the ‘insert_inner_template’ function. This...
The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation...
The Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘event_desc’ parameter in all versions up to, and including, 1.3.16 due to insufficient input sanitization and output escaping. This makes it...
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the ‘duplicate_wpml_layout’ function in all versions up to,...