CVE Database

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in honzat Page Manager for Elementor page-manager-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Page Manager for Elementor: from n/a through <= 2.0.5.

Missing Authorization vulnerability in wpshuffle WP Subscription Forms PRO wp-subscription-forms-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms PRO: from n/a through <= 2.0.5.

Missing Authorization vulnerability in HaruTheme Frames frames allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frames: from n/a through <= 1.5.7.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robin W bbp topic count bbp-topic-count allows DOM-Based XSS.This issue affects bbp topic count: from n/a through <= 3.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Job Board Manager job-board-manager allows DOM-Based XSS.This issue affects Job Board Manager: from n/a through <= 2.1.61.

Server-Side Request Forgery (SSRF) vulnerability in bdthemes ZoloBlocks zoloblocks allows Server Side Request Forgery.This issue affects ZoloBlocks: from n/a through <= 2.3.11.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sharkthemes Smart Related Products ai-related-products allows Stored XSS.This issue affects Smart Related Products: from n/a through <= 2.0.8.

Missing Authorization vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce nota-fiscal-eletronica-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nota Fiscal Eletrônica WooCommerce: from n/a through <= 3.4.0.9.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce nota-fiscal-eletronica-woocommerce allows Stored XSS.This issue affects Nota Fiscal Eletrônica WooCommerce: from n/a through <= 3.4.0.9.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emarket-design WP Ticket Customer Service Software & Support Ticket System wp-ticket allows Stored XSS.This issue affects WP Ticket Customer Service Software & Support Ticket System: from n/a through <= 6.0.2.

Missing Authorization vulnerability in loopus WP Virtual Assistant VirtualAssistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Virtual Assistant: from n/a through <= 3.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jennifer Moss MWW Disclaimer Buttons mww-disclaimer-buttons allows Stored XSS.This issue affects MWW Disclaimer Buttons: from n/a through <= 3.41.

Missing Authorization vulnerability in wpshuffle Subscribe To Unlock subscribe-to-unlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe To Unlock: from n/a through <= 1.1.5.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rocket Apps Notely notely allows Stored XSS.This issue affects Notely: from n/a through <= 1.8.0.

Missing Authorization vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe to Download: from n/a through <= 2.0.9.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Feed ht-instagram allows Stored XSS.This issue affects HT Feed: from n/a through <= 1.3.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amit Verma Map Categories to Pages map-categories-to-pages allows Stored XSS.This issue affects Map Categories to Pages: from n/a through <= 1.3.2.

Cross-Site Request Forgery (CSRF) vulnerability in yonifre Lenix scss compiler lenix-scss-compiler allows Cross Site Request Forgery.This issue affects Lenix scss compiler: from n/a through <= 1.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Lenix scss compiler lenix-scss-compiler allows Stored XSS.This issue affects Lenix scss compiler: from n/a through <= 1.2.

Missing Authorization vulnerability in netgsm Netgsm netgsm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Netgsm: from n/a through <= 2.9.70.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DaganLev Simple Meta Tags simple-meta-tags allows DOM-Based XSS.This issue affects Simple Meta Tags: from n/a through <= 1.5.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thetechtribe The Tribal the-tech-tribe allows Stored XSS.This issue affects The Tribal: from n/a through <= 1.3.3.

Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data.This issue affects The Tribal: from n/a through <= 1.3.3.

Cross-Site Request Forgery (CSRF) vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Cross Site Request Forgery.This issue affects Sendle Shipping: from n/a through <= 6.02.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks skt-blocks allows Stored XSS.This issue affects SKT Blocks: from n/a through <= 2.6.

Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Post Featured Video post-featured-video allows Cross Site Request Forgery.This issue affects Post Featured Video: from n/a through <= 1.7.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj User Notes user-notes allows Stored XSS.This issue affects User Notes: from n/a through <= 1.0.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DJ-Extensions.com PE Easy Slider pe-easy-slider allows Stored XSS.This issue affects PE Easy Slider: from n/a through <= 1.1.0.

Missing Authorization vulnerability in wedos.com WEDOS Global wgpwpp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WEDOS Global: from n/a through <= 1.2.2.

Missing Authorization vulnerability in Yext Yext yext allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Yext: from n/a through <= 1.1.3.

Missing Authorization vulnerability in WP Delicious Delisho dr-widgets-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Delisho: from n/a through <= 1.1.3.

Missing Authorization vulnerability in ArtistScope CopySafe Web Protection wp-copysafe-web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CopySafe Web Protection: from n/a through <= 5.1.

Insertion of Sensitive Information Into Sent Data vulnerability in themelooks FoodBook foodbook allows Retrieve Embedded Sensitive Data.This issue affects FoodBook: from n/a through <= 4.7.6.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Hellyer Simple Colorbox simple-colorbox allows Stored XSS.This issue affects Simple Colorbox: from n/a through <= 1.6.1.

Missing Authorization vulnerability in HivePress HivePress Claim Listings hivepress-claim-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HivePress Claim Listings: from n/a through <= 1.1.3.

Missing Authorization vulnerability in HivePress HivePress Claim Listings hivepress-claim-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HivePress Claim Listings: from n/a through <= 1.1.4.

Missing Authorization vulnerability in Ex-Themes WooEvents woo-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooEvents: from n/a through <= 4.1.7.

Missing Authorization vulnerability in WPDirectoryKit WP Directory Kit wpdirectorykit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Directory Kit: from n/a through <= 1.4.0.

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in CoSchedule CoSchedule coschedule-by-todaymade allows Retrieve Embedded Sensitive Data.This issue affects CoSchedule: from n/a through <= 3.3.11.

Cross-Site Request Forgery (CSRF) vulnerability in TangibleWP Vehica Core vehica-core allows Cross Site Request Forgery.This issue affects Vehica Core: from n/a through <= 1.0.100.

Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Conference Theme Custom Post Type: from n/a through < 2.6.4.

Cross-Site Request Forgery (CSRF) vulnerability in instapagedev Instapage Plugin instapage allows Cross Site Request Forgery.This issue affects Instapage Plugin: from n/a through <= 3.7.0.

Improper Control of Generation of Code ('Code Injection') vulnerability in YayCommerce YayCurrency yaycurrency allows Code Injection.This issue affects YayCurrency: from n/a through <= 3.3.1.

Cross-Site Request Forgery (CSRF) vulnerability in grooni Groovy Menu groovy-menu-free allows Cross Site Request Forgery.This issue affects Groovy Menu: from n/a through <= 1.4.3.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi aThemes Addons for Elementor athemes-addons-for-elementor-lite allows Stored XSS.This issue affects aThemes Addons for Elementor: from n/a through <= 1.1.2.

Missing Authorization vulnerability in Roxnor EmailKit emailkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmailKit: from n/a through <= 1.6.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Ditty ditty-news-ticker allows Stored XSS.This issue affects Ditty: from n/a through <= 3.1.58.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Gallery Custom Links gallery-custom-links allows Stored XSS.This issue affects Gallery Custom Links: from n/a through <= 2.2.5.

Missing Authorization vulnerability in CridioStudio ListingPro listingpro-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.8.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syam Mohan WPFront User Role Editor wpfront-user-role-editor allows Stored XSS.This issue affects WPFront User Role Editor: from n/a through <= 4.2.3.