| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Incorrect Privilege Assignment vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Privilege Escalation.This issue affects WPGuppy: from n/a through <= 1.1.0. |
| Server-Side Request Forgery (SSRF) vulnerability in mra13 Compact WP Audio Player compact-wp-audio-player allows Server Side Request Forgery.This issue affects Compact WP Audio Player: from n/a through <= 1.9.14. |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Smackcoders Inc., WP Ultimate Exporter wp-ultimate-exporter allows PHP Remote File Inclusion.This issue affects WP Ultimate Exporter: from n/a through <= 2.9.1. |
| Improper Encoding or Escaping of Output vulnerability in Ays Pro Poll Maker poll-maker.This issue affects Poll Maker: from n/a through < 5.5.5. |
| Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through <= 1.9.2.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets astra-widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through <= 1.2.15. |
| Missing Authorization vulnerability in wpvividplugins WPvivid Backup and Migration wpvivid-backuprestore allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPvivid Backup and Migration: from n/a through <= 0.9.106. |
| Missing Authorization vulnerability in ThemeSupport Hide Category by User Role for WooCommerce hide-category-by-user-role-for-woocommerce.This issue affects Hide Category by User Role for WooCommerce: from n/a through <= 2.1.1. |
| Missing Authorization vulnerability in SecureSubmit WP SecureSubmit securesubmit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SecureSubmit: from n/a through <= 1.5.20. |
| Missing Authorization vulnerability in SecureSubmit WP SecureSubmit securesubmit allows Retrieve Embedded Sensitive Data.This issue affects WP SecureSubmit: from n/a through <= 1.5.20. |
| A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim's BSSID. Successful exploitation may enable GTK-independent traffic injection and, when combined with a port-stealing technique, allows an attacker to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks across BSSID boundaries. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hookandhook Post Grid Elementor Addon post-grid-elementor-addon.This issue affects Post Grid Elementor Addon: from n/a through <= 2.0.18. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in html5maps Interactive UK Map interactive-uk-map allows Stored XSS.This issue affects Interactive UK Map: from n/a through <= 3.4.8. |
| Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through <= 5.8. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Reflected XSS.This issue affects WooCommerce PDF Vouchers: from n/a through < 4.9.9. |
| Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector acf-city-selector allows Upload a Web Shell to a Web Server.This issue affects ACF City Selector: from n/a through <= 1.14.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Shots for Dribbble gs-dribbble-portfolio allows DOM-Based XSS.This issue affects GS Shots for Dribbble: from n/a through <= 1.2.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Coaches gs-coach allows Stored XSS.This issue affects GS Coaches: from n/a through <= 1.1.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins Project Showcase gs-projects allows Stored XSS.This issue affects Project Showcase: from n/a through <= 1.1.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StorePlugin ShopElement shopelement allows Stored XSS.This issue affects ShopElement: from n/a through <= 2.0.0. |
