Wordpress CVE Data

CVE ID Published Date Title Slug Description Severty
CVE-2020-29171 2021-02-10 22:15:00 Wp security & firewall wp-security-&-firewall Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress. [ Reference URL ] MEDIUM
CVE-2020-35942 2021-02-10 01:15:00 Nextgen gallery nextgen-gallery A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.) [ Reference URL ] MEDIUM
CVE-2020-35943 2021-02-10 01:15:00 Nextgen gallery nextgen-gallery A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.) [ Reference URL ] MEDIUM
CVE-2020-36012 2021-01-27 20:15:00 Multi store multi-store Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field. [ Reference URL ] LOW
CVE-2020-27850 2021-01-20 11:15:00 Gravityforms gravityforms A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.). [ Reference URL ] LOW
CVE-2020-27851 2021-01-20 11:15:00 Gravityforms gravityforms Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role (Administrator, Editor, etc.). [ Reference URL ] LOW
CVE-2020-27852 2021-01-20 11:15:00 Gravityforms gravityforms A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.). [ Reference URL ] LOW
CVE-2020-28707 2021-01-20 05:15:00 Stockdio historical chart stockdio-historical-chart The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage() event is not validated. The stockdio_eventer function listens for any postMessage event. After a message event is sent to the application, this function sets the "e" variable as the event and checks that the types of the data and data.method are not undefined (empty) before proceeding to eval the data.method received from the postMessage. However, on a different website. JavaScript code can call window.open for the vulnerable WordPress instance and do a postMessage(msg,'*') for that object. [ Reference URL ] MEDIUM
CVE-2020-35748 2021-01-16 00:15:00 Fv flowplayer video player fv-flowplayer-video-player Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fv_wp_fvvideoplayer_src JSON field in the data parameter. [ Reference URL ] LOW
CVE-2020-35749 2021-01-16 00:15:00 Simple board job simple-board-job Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php. [ Reference URL ] MEDIUM
CVE-2020-35581 2021-01-15 14:15:00 Envira gallery envira-gallery A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter. [ Reference URL ] LOW
CVE-2020-35582 2021-01-15 14:15:00 Envira gallery envira-gallery A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter. [ Reference URL ] LOW
CVE-2020-36172 2021-01-06 22:15:00 Advanced custom fields advanced-custom-fields The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS. [ Reference URL ] MEDIUM
CVE-2020-36173 2021-01-06 22:15:00 Ninja forms ninja-forms The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. [ Reference URL ] MEDIUM
CVE-2020-36174 2021-01-06 22:15:00 Ninja forms ninja-forms The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. [ Reference URL ] MEDIUM
CVE-2020-36175 2021-01-06 22:15:00 Ninja forms ninja-forms The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field. [ Reference URL ] MEDIUM
CVE-2020-36171 2021-01-06 22:15:00 Website builder website-builder The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads. [ Reference URL ] MEDIUM
CVE-2020-36176 2021-01-06 22:15:00 Ithemes security ithemes-security The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs. [ Reference URL ] MEDIUM
CVE-2020-36170 2021-01-06 21:15:00 Ultimate member ultimate-member The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms. [ Reference URL ] MEDIUM
CVE-2020-36155 2021-01-05 01:15:00 Ultimate member ultimate-member An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During the registration process, submitted registration details were passed to the update_profile function, and any metadata was accepted, e.g., wp_capabilities[administrator] for Administrator access. [ Reference URL ] HIGH
CVE-2020-36157 2021-01-05 01:15:00 Ultimate member ultimate-member An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a WordPress capability (or any custom Ultimate Member role) and effectively be granted those privileges. [ Reference URL ] HIGH
CVE-2020-36156 2021-01-05 01:15:00 Ultimate member ultimate-member An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile update, and effectively escalate their privileges. [ Reference URL ] MEDIUM
CVE-2020-35944 2021-01-01 11:15:00 Pagelayer pagelayer An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS. [ Reference URL ] MEDIUM
CVE-2020-35946 2021-01-01 11:15:00 All in one seo pack all-in-one-seo-pack An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS. [ Reference URL ] LOW
CVE-2020-35947 2021-01-01 11:15:00 Pagelayer pagelayer An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce was present in a publicly viewable page. The greatest impact was the pagelayer_save_content function that allowed pages to be modified and allowed XSS to occur. [ Reference URL ] MEDIUM
CVE-2020-35951 2021-01-01 11:15:00 Quiz and survey master quiz-and-survey-master An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files). [ Reference URL ] MEDIUM
CVE-2020-35945 2021-01-01 11:15:00 Divi extra divi-extra An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side. [ Reference URL ] MEDIUM
CVE-2020-35949 2021-01-01 11:15:00 Quiz and survey master quiz-and-survey-master An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type header was checked during the upload, and thus the attacker could use text/plain for a .php file. [ Reference URL ] HIGH
CVE-2020-35948 2021-01-01 11:15:00 Xcloner xcloner An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump. [ Reference URL ] MEDIUM
CVE-2020-35950 2021-01-01 11:15:00 Xcloner xcloner An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint). [ Reference URL ] MEDIUM
CVE-2020-35932 2021-01-01 09:15:00 Newsletter newsletter Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. NOTE: exploitability depends on PHP objects that might be present with certain other plugins or themes. [ Reference URL ] MEDIUM
CVE-2020-35933 2021-01-01 09:15:00 Newsletter newsletter A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter. [ Reference URL ] LOW
CVE-2020-35936 2021-01-01 09:15:00 Team showcase team-showcase Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts. [ Reference URL ] MEDIUM
CVE-2020-35937 2021-01-01 09:15:00 Team showcase team-showcase Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts. [ Reference URL ] MEDIUM
CVE-2020-35938 2021-01-01 09:15:00 Team showcase team-showcase PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts. [ Reference URL ] MEDIUM
CVE-2020-35939 2021-01-01 09:15:00 Team showcase team-showcase PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts. [ Reference URL ] MEDIUM
CVE-2020-35934 2021-01-01 09:15:00 Advanced access manager advanced-access-manager The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). This is a security problem if this object stores information that the user is not supposed to have (e.g., custom metadata added by a different plugin). [ Reference URL ] MEDIUM
CVE-2020-35935 2021-01-01 09:15:00 Advanced access manager advanced-access-manager The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.) [ Reference URL ] MEDIUM
CVE-2020-35773 2020-12-30 01:15:00 Site offline site-offline The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF. [ Reference URL ] MEDIUM
CVE-2020-29156 2020-12-28 02:15:00 Woocommerce woocommerce The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action. [ Reference URL ] MEDIUM
CVE-2020-29172 2020-12-26 09:15:00 Litespeed cache litespeed-cache A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting. [ Reference URL ] MEDIUM
CVE-2020-35589 2020-12-21 14:15:00 Limit login attempts reloaded limit-login-attempts-reloaded The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. [ Reference URL ] LOW
CVE-2020-35590 2020-12-21 14:15:00 Limit login attempts reloaded limit-login-attempts-reloaded LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious user is not limited to perform a brute force attack, because the client IP header accepts any arbitrary string. When randomizing the header input, the login count does not ever reach the maximum allowed retries. [ Reference URL ] MEDIUM
CVE-2020-35489 2020-12-18 02:15:00 Contact form 7 contact-form-7 The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. [ Reference URL ] HIGH
CVE-2020-29303 2020-12-15 03:15:00 Directories pro directories-pro A cross-site scripting (XSS) vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php?page=drts/directories&q=%2F with _drts_form_build_id parameter containing the XSS payload and _t_ parameter set to an invalid or non-existent CSRF token. [ Reference URL ] MEDIUM
CVE-2020-29304 2020-12-15 03:15:00 Directories pro directories-pro A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through the file import workflow. [ Reference URL ] MEDIUM
CVE-2020-35234 2020-12-14 10:15:00 Easy wp smtp easy-wp-smtp The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there. [ Reference URL ] MEDIUM
CVE-2020-35235 2020-12-14 10:15:00 Secure file manager secure-file-manager ** UNSUPPORTED WHEN ASSIGNED ** vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. [ Reference URL ] MEDIUM
CVE-2020-35135 2020-12-11 12:15:00 Ultimate category excluder ultimate-category-excluder The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF. [ Reference URL ] MEDIUM
CVE-2020-14205 2020-12-09 03:15:00 Divebook divebook The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs. [ Reference URL ] MEDIUM
CVE-2020-14206 2020-12-09 03:15:00 Divebook divebook The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XSS within the filter function (via an arbitrary parameter). [ Reference URL ] MEDIUM
CVE-2020-14207 2020-12-09 03:15:00 Divebook divebook The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filter_diver parameter. [ Reference URL ] MEDIUM
CVE-2020-29395 2020-12-01 03:15:00 Eventon eventon The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field. [ Reference URL ] MEDIUM
CVE-2020-28976 2020-11-30 21:15:00 Canto canto The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF. [ Reference URL ] MEDIUM
CVE-2020-28977 2020-11-30 21:15:00 Canto canto The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF. [ Reference URL ] MEDIUM
CVE-2020-28978 2020-11-30 21:15:00 Canto canto The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF. [ Reference URL ] MEDIUM
CVE-2020-28649 2020-11-16 11:15:00 Child theme creator child-theme-creator The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file. [ Reference URL ] MEDIUM
CVE-2020-28650 2020-11-16 11:15:00 Page builder page-builder The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles. [ Reference URL ] LOW
CVE-2020-27481 2020-11-12 21:15:00 Good learning management system good-learning-management-system An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Parameter "id" was sent straight into SQL query without sanitization. [ Reference URL ] HIGH
CVE-2020-24063 2020-11-11 04:15:00 Canto canto The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. [ Reference URL ] MEDIUM
CVE-2020-28339 2020-11-08 02:15:00 Welcart e commerce welcart-e-commerce The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain. [ Reference URL ] MEDIUM
CVE-2020-22276 2020-11-05 00:15:00 Weforms weforms WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry. [ Reference URL ] HIGH
CVE-2020-22275 2020-11-05 00:15:00 Easy registration forms easy-registration-forms Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable. [ Reference URL ] MEDIUM
CVE-2020-22277 2020-11-05 00:15:00 Import and export users and customers import-and-export-users-and-customers Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile. [ Reference URL ] MEDIUM
CVE-2020-16140 2020-10-28 05:15:00 Greenmart greenmart The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS. [ Reference URL ] MEDIUM
CVE-2020-27615 2020-10-22 04:15:00 Loginizer loginizer The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip. [ Reference URL ] HIGH
CVE-2020-27344 2020-10-22 03:15:00 Cm download manager cm-download-manager The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. [ Reference URL ] MEDIUM
CVE-2020-5650 2020-10-21 23:15:00 Simple download monitor simple-download-monitor Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. [ Reference URL ] MEDIUM
CVE-2020-5651 2020-10-21 23:15:00 Simple download monitor simple-download-monitor SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL. [ Reference URL ] MEDIUM
CVE-2020-26672 2020-10-16 22:15:00 Testimonial rotator testimonial-rotator Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in "cite" parameter, the payload will be stored in the database. [ Reference URL ] LOW
CVE-2020-5642 2020-10-15 10:15:00 Live Chat - Live Support onwebchat Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. [ Reference URL ] MEDIUM
CVE-2020-26876 2020-10-08 00:15:00 Wp courses wp-courses The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because show_in_rest is enabled for custom post types (e.g., /wp-json/wp/v2/course and /wp-json/wp/v2/lesson exist). [ Reference URL ] MEDIUM
CVE-2020-26596 2020-10-07 23:15:00 Wordpress wordpress The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated by removing the Dynamic OOO widget or by restricting availability of the Editor role. [ Reference URL ] HIGH
CVE-2020-26511 2020-10-02 12:15:00 Wordpress + azure ad / Office 365 wpo365-login The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass. [ Reference URL ] MEDIUM
CVE-2020-20406 2020-09-17 03:15:00 Elementor page builder elementor-page-builder A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes. [ Reference URL ] LOW
CVE-2020-25375 2020-09-14 23:15:00 Wp smart crm & invoices wp-smart-crm-&-invoices Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field. [ Reference URL ] LOW
CVE-2020-25378 2020-09-14 23:15:00 Wp floating menu wp-floating-menu Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter. [ Reference URL ] MEDIUM
CVE-2020-25379 2020-09-14 23:15:00 Recall products recall-products Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query. [ Reference URL ] MEDIUM
CVE-2020-25380 2020-09-14 23:15:00 Recall products recall-products Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed. [ Reference URL ] LOW
CVE-2020-5780 2020-09-10 22:15:00 Email subscribers & newsletters email-subscribers-&-newsletters Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing. [ Reference URL ] MEDIUM
CVE-2020-25213 2020-09-09 23:15:00 File manager file-manager The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020. [ Reference URL ] HIGH
CVE-2020-24948 2020-09-03 22:15:00 Autoptimize autoptimize The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution. [ Reference URL ] MEDIUM
CVE-2020-20628 2020-09-01 00:15:00 Wp gdpr wp-gdpr controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS. [ Reference URL ] MEDIUM
CVE-2020-20625 2020-08-31 23:15:00 Sliced invoices sliced-invoices Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php. [ Reference URL ] MEDIUM
CVE-2020-20626 2020-08-31 23:15:00 Lara's google analytics lara's-google-analytics lara-google-analytics.php in Lara Google Analytics plugin through 2.0.4 for WordPress allows authenticated stored XSS. [ Reference URL ] LOW
CVE-2020-20627 2020-08-31 23:15:00 Givewp givewp The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change. [ Reference URL ] MEDIUM
CVE-2020-24699 2020-08-31 23:15:00 Chamber dashboard business directory chamber-dashboard-business-directory The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS. [ Reference URL ] MEDIUM
CVE-2020-15020 2020-08-31 20:15:00 Page builder page-builder An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field. [ Reference URL ] LOW
CVE-2020-25033 2020-08-31 12:15:00 Subscribe sidebar subscribe-sidebar The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for WordPress allows subscribe_sidebar.php&status= reflected XSS. [ Reference URL ] MEDIUM
CVE-2020-11497 2020-08-27 02:15:00 Nab transact nab-transact An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary bank transaction ID during the payment-details entry step. [ Reference URL ] MEDIUM
CVE-2020-24315 2020-08-26 21:15:00 Wordpress poll wordpress-poll Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire targets database. [ Reference URL ] MEDIUM
CVE-2020-24316 2020-08-26 21:15:00 Admin menu admin-menu WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. [ Reference URL ] MEDIUM
CVE-2020-24312 2020-08-26 20:15:00 File manager file-manager mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken. [ Reference URL ] MEDIUM
CVE-2020-24313 2020-08-26 20:15:00 Ultimate appointment booking & scheduling ultimate-appointment-booking-&-scheduling Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. [ Reference URL ] MEDIUM
CVE-2020-24314 2020-08-26 20:15:00 Rss feed widget rss-feed-widget Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. [ Reference URL ] MEDIUM
CVE-2020-24186 2020-08-24 21:15:00 Wpdiscuz wpdiscuz A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action. [ Reference URL ] HIGH
CVE-2020-20633 2020-08-21 23:15:00 Gdpr cookie consent gdpr-cookie-consent ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress, allows authenticated stored XSS and privilege escalation. [ Reference URL ] LOW
CVE-2020-20634 2020-08-21 22:15:00 Elementor page builder elementor-page-builder Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog. [ Reference URL ] MEDIUM
CVE-2020-17362 2020-08-13 05:15:00 Nova lite nova-lite search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS. [ Reference URL ] MEDIUM
CVE-2020-5611 2020-07-27 14:15:00 Social sharing social-sharing Cross-site request forgery (CSRF) vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors. [ Reference URL ] MEDIUM
CVE-2020-14063 2020-07-22 01:15:00 Tc custom javascript tc-custom-javascript A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end page and executed in the browser of visitors. [ Reference URL ] MEDIUM
CVE-2020-5767 2020-07-18 05:15:00 Email subscribers & newsletters email-subscribers-&-newsletters Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link. [ Reference URL ] MEDIUM
CVE-2020-5768 2020-07-18 05:15:00 Email subscribers & newsletters email-subscribers-&-newsletters Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database fields. [ Reference URL ] MEDIUM
CVE-2020-5766 2020-07-13 22:15:00 Srs simple hits counter srs-simple-hits-counter Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields. [ Reference URL ] MEDIUM
CVE-2020-15299 2020-07-10 02:15:00 Kingcomposer kingcomposer A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is executed in the victim's browser. [ Reference URL ] MEDIUM
CVE-2020-15535 2020-07-05 23:15:00 Car rental system car-rental-system An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields. [ Reference URL ] MEDIUM
CVE-2020-15536 2020-07-05 23:15:00 Online hotel booking system online-hotel-booking-system An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields. [ Reference URL ] MEDIUM
CVE-2020-15537 2020-07-05 23:15:00 Vanguard vanguard An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box. [ Reference URL ] MEDIUM
CVE-2020-14092 2020-07-02 23:15:00 Paypal pro paypal-pro The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection. [ Reference URL ] HIGH
CVE-2020-15363 2020-06-28 19:15:00 Nexos nexos The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection. [ Reference URL ] MEDIUM
CVE-2020-15364 2020-06-28 19:15:00 Nexos nexos The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS. [ Reference URL ] MEDIUM
CVE-2020-15038 2020-06-25 03:15:00 Coming soon page, under construction & maintenance mode coming-soon-page,-under-construction-&-maintenance-mode The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS. [ Reference URL ] LOW
CVE-2020-13700 2020-06-24 22:15:00 Acf to rest api acf-to-rest-api An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values. [ Reference URL ] MEDIUM
CVE-2020-13426 2020-06-23 01:15:00 Multi scheduler multi-scheduler The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known. [ Reference URL ] MEDIUM
CVE-2020-14959 2020-06-22 07:15:00 Easy testimonials easy-testimonials Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, or Rating parameter. [ Reference URL ] LOW
CVE-2020-14962 2020-06-22 07:15:00 Image photo gallery final tiles grid image-photo-gallery-final-tiles-grid Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php. [ Reference URL ] LOW
CVE-2020-13640 2020-06-18 22:15:00 Wpdiscuz wpdiscuz A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.) [ Reference URL ] HIGH
CVE-2020-14010 2020-06-11 01:15:00 Xenon xenon The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via the data/typeahead-generate.php q (aka name) parameter. [ Reference URL ] MEDIUM
CVE-2020-13892 2020-06-10 01:15:00 Sportspress sportspress The SportsPress plugin before 2.7.2 for WordPress allows XSS. [ Reference URL ] LOW
CVE-2020-12800 2020-06-09 00:15:00 Drag and drop multiple file upload contact form 7 drag-and-drop-multiple-file-upload---contact-form-7 The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file. [ Reference URL ] HIGH
CVE-2020-13864 2020-06-06 05:15:00 Elementor page builder elementor-page-builder The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links. [ Reference URL ] LOW
CVE-2020-13865 2020-06-06 05:15:00 Elementor page builder elementor-page-builder The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes. [ Reference URL ] LOW
CVE-2020-13764 2020-06-03 04:15:00 Gravityforms gravityforms common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call. [ Reference URL ] MEDIUM
CVE-2020-12675 2020-05-29 23:15:00 Mappress mappress The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for CVE-2020-12077. [ Reference URL ] MEDIUM
CVE-2020-13693 2020-05-29 07:15:00 Bbpress bbpress An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled. [ Reference URL ] HIGH
CVE-2020-13641 2020-05-28 11:15:00 Real time find and replace real-time-find-and-replace An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript, allowing for that be executed later in the victims browser. [ Reference URL ] MEDIUM
CVE-2020-13642 2020-05-28 11:15:00 Page builder page-builder An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The action_builder_content function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser. [ Reference URL ] MEDIUM
CVE-2020-13643 2020-05-28 11:15:00 Page builder page-builder An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The live_editor_panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser. [ Reference URL ] MEDIUM
CVE-2020-13644 2020-05-28 11:15:00 Accordion accordion An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accordion. [ Reference URL ] LOW
CVE-2020-13487 2020-05-26 21:15:00 Bbpress bbpress The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI. [ Reference URL ] LOW
CVE-2020-5579 2020-05-20 18:15:00 Paid memberships pro paid-memberships-pro SQL injection vulnerability in the Paid Memberships versions prior to 2.3.3 allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. [ Reference URL ] MEDIUM
CVE-2020-13125 2020-05-17 08:15:00 Ultimate addons for elementor ultimate-addons-for-elementor An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled. [ Reference URL ] MEDIUM
CVE-2020-13126 2020-05-17 08:15:00 Elementor page builder elementor-page-builder An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is unaffected. [ Reference URL ] MEDIUM
CVE-2020-12832 2020-05-14 01:15:00 Simple file list simple-file-list WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. [ Reference URL ] HIGH
CVE-2020-12742 2020-05-13 20:15:00 Iubenda cookie law solution iubenda-cookie-law-solution The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does not restrict URL sanitization to http protocols. [ Reference URL ] MEDIUM
CVE-2020-11530 2020-05-09 03:15:00 Chop slider chop-slider A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user. [ Reference URL ] HIGH
CVE-2020-12696 2020-05-07 12:15:00 Iframe iframe The iframe plugin before 4.5 for WordPress does not sanitize a URL. [ Reference URL ] MEDIUM
CVE-2020-11727 2020-05-07 01:15:00 Advanced order export advanced-order-export A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woe_post_type parameter. [ Reference URL ] MEDIUM
CVE-2020-8799 2020-05-05 23:15:00 Wti like post wti-like-post A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website. [ Reference URL ] LOW
CVE-2020-12104 2020-05-05 22:15:00 Wp advanced search wp-advanced-search The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation. [ Reference URL ] MEDIUM
CVE-2020-6010 2020-04-30 22:15:00 Learnpress learnpress LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection [ Reference URL ] MEDIUM
CVE-2020-12462 2020-04-30 00:15:00 Ninja forms ninja-forms The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. [ Reference URL ] MEDIUM
CVE-2020-12070 2020-04-25 06:15:00 Advanced woo search advanced-woo-search The Advanced Woo Search plugin version through 1.99 for Wordpress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to includes/class-aws-search.php. [ Reference URL ] MEDIUM
CVE-2020-12054 2020-04-23 22:15:00 Catch breadcrumb catch-breadcrumb The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO. [ Reference URL ] MEDIUM
CVE-2020-12077 2020-04-23 10:15:00 Mappress mappress The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution. [ Reference URL ] MEDIUM
CVE-2020-12073 2020-04-23 09:15:00 Gutenberg & elementor templates importer for responsive gutenberg-&-elementor-templates-importer-for-responsive The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/admin-ajax.php?action= requests. [ Reference URL ] MEDIUM
CVE-2020-12074 2020-04-23 09:15:00 Import export wordpress users import-export-wordpress-users The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV. [ Reference URL ] MEDIUM
CVE-2020-12075 2020-04-23 09:15:00 Data tables generator data-tables-generator The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions. [ Reference URL ] MEDIUM
CVE-2020-12076 2020-04-23 09:15:00 Data tables generator data-tables-generator The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS. [ Reference URL ] MEDIUM
CVE-2020-7055 2020-04-23 01:15:00 Elementor page builder elementor-page-builder An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive. [ Reference URL ] HIGH
CVE-2020-11930 2020-04-20 08:15:00 Translate wordpress with gtranslate translate-wordpress-with-gtranslate The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option. [ Reference URL ] MEDIUM
CVE-2020-11928 2020-04-20 07:15:00 Media library assistant media-library-assistant In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin. [ Reference URL ] HIGH
CVE-2020-11738 2020-04-14 05:15:00 Duplicator duplicator The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init. [ Reference URL ] MEDIUM
CVE-2020-11673 2020-04-13 22:15:00 Responsive poll responsive-poll An issue was discovered in the Responsive Poll through 1.3.4 for Wordpress. It allows an unauthenticated user to manipulate polls, e.g., delete, clone, or view a hidden poll. This is due to the usage of the callback wp_ajax_nopriv function in Includes/Total-Soft-Poll-Ajax.php for sensitive operations. [ Reference URL ] HIGH
CVE-2020-11731 2020-04-13 09:15:00 Media library assistant media-library-assistant The Media Library Assistant plugin before 2.82 for Wordpress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript. [ Reference URL ] MEDIUM
CVE-2020-11732 2020-04-13 09:15:00 Media library assistant media-library-assistant The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_gallery link=download. [ Reference URL ] MEDIUM
CVE-2020-11508 2020-04-08 02:15:00 Wp lead plus x wp-lead-plus-x An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action. [ Reference URL ] LOW
CVE-2020-11509 2020-04-08 02:15:00 Wp lead plus x wp-lead-plus-x An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page). [ Reference URL ] MEDIUM
CVE-2020-11512 2020-04-08 00:15:00 Impress for idx broker impress-for-idx-broker Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal (subscriber-level) permissions to save arbitrary JavaScript in the plugin's settings panel via the idx_update_recaptcha_key AJAX action and a crafted idx_recaptcha_site_key parameter, which would then be executed in the browser of any administrator visiting the panel. This could be used to create new administrator-level accounts. [ Reference URL ] LOW
CVE-2020-11514 2020-04-08 00:15:00 Rankmath rankmath The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint. [ Reference URL ] HIGH
CVE-2020-11515 2020-04-08 00:15:00 Rankmath rankmath The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI). [ Reference URL ] MEDIUM
CVE-2020-11516 2020-04-08 00:15:00 Contact form 7 datepicker contact-form-7-datepicker Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wp_ajax_cf7dp_save_settings AJAX action and the ui_theme parameter. If an administrator creates or modifies a contact form, the JavaScript will be executed in their browser, which can then be used to create new administrative users or perform other actions using the administrator's session. [ Reference URL ] LOW
CVE-2020-9514 2020-04-08 00:15:00 Impress for idx broker impress-for-idx-broker An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user (with the Subscriber role) to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages (via create_dynamic_page and delete_dynamic_page). [ Reference URL ] MEDIUM
CVE-2020-11548 2020-04-05 07:15:00 Search meter search-meter The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed. [ Reference URL ] HIGH
CVE-2020-6009 2020-04-02 05:15:00 Learndash learndash LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection. [ Reference URL ] HIGH
CVE-2020-5391 2020-04-01 20:15:00 Wp auth0 wp-auth0 Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field. [ Reference URL ] MEDIUM
CVE-2020-5392 2020-04-01 20:15:00 Wp auth0 wp-auth0 A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page. [ Reference URL ] MEDIUM
CVE-2020-6753 2020-04-01 20:15:00 Login by auth0 login-by-auth0 The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392. [ Reference URL ] MEDIUM
CVE-2020-7947 2020-04-01 20:15:00 Login by auth0 login-by-auth0 An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded. [ Reference URL ] HIGH
CVE-2020-7948 2020-04-01 20:15:00 Login by auth0 login-by-auth0 An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference. [ Reference URL ] MEDIUM
CVE-2020-6008 2020-03-31 22:15:00 Lifterlms lifterlms LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution [ Reference URL ] HIGH
CVE-2020-10817 2020-03-28 02:15:00 Custom searchable data entry system custom-searchable-data-entry-system The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued. [ Reference URL ] MEDIUM
CVE-2020-10385 2020-03-24 23:15:00 Contact form contact-form A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress. [ Reference URL ] LOW
CVE-2020-9392 2020-03-24 00:15:00 Pricing table by supsystic pricing-table-by-supsystic An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table. [ Reference URL ] HIGH
CVE-2020-7916 2020-03-17 01:15:00 Learnpress learnpress be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpress_be_teacher URI without any additional permission checks. Therefore, any user can change its role to an instructor/teacher and gain access to otherwise restricted data. [ Reference URL ] MEDIUM
CVE-2020-10568 2020-03-14 21:15:00 Sitepress multilingual cms sitepress-multilingual-cms The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings. [ Reference URL ] MEDIUM
CVE-2020-10564 2020-03-14 06:15:00 Wordpress file upload wordpress-file-upload An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call. [ Reference URL ] HIGH
CVE-2020-10195 2020-03-13 23:15:00 Popup builder popup-builder The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal (subscriber-level) permissions can modify the plugin's settings to allow arbitrary roles (including subscribers) access to plugin functionality by setting the action parameter to sgpbSaveSettings, export a list of current newsletter subscribers by setting the action parameter to csv_file, or obtain system configuration information including webserver configuration and a list of installed plugins by setting the action parameter to sgpb_system_info. [ Reference URL ] MEDIUM
CVE-2020-10196 2020-03-13 23:15:00 Popup builder popup-builder An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several of the popup's fields by sending a request to wp-admin/admin-ajax.php with the POST action parameter of sgpb_autosave and including additional data in an allPopupData parameter, including the popup's ID (which is visible in the source of the page in which the popup is inserted) and arbitrary JavaScript which will then be executed in the browsers of visitors to that page. Because the plugin functionality automatically adds script tags to data entered into these fields, this injection will typically bypass most WAF applications. [ Reference URL ] MEDIUM
CVE-2020-8435 2020-03-12 21:15:00 Registrationmagic registrationmagic An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter. [ Reference URL ] MEDIUM
CVE-2020-8436 2020-03-12 21:15:00 Registrationmagic registrationmagic XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter. [ Reference URL ] MEDIUM
CVE-2020-10257 2020-03-10 07:15:00 Topper theme and skins topper-theme-and-skins The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter. [ Reference URL ] HIGH
CVE-2020-9454 2020-03-07 02:15:00 Registrationmagic registrationmagic A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms. [ Reference URL ] MEDIUM
CVE-2020-9455 2020-03-07 02:15:00 Registrationmagic registrationmagic The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view. [ Reference URL ] MEDIUM
CVE-2020-9456 2020-03-07 02:15:00 Registrationmagic registrationmagic In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit. [ Reference URL ] MEDIUM
CVE-2020-9457 2020-03-07 02:15:00 Registrationmagic registrationmagic The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation. [ Reference URL ] MEDIUM
CVE-2020-9458 2020-03-07 02:15:00 Registrationmagic registrationmagic In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export. [ Reference URL ] MEDIUM
CVE-2020-9371 2020-03-05 02:15:00 Appointment booking calendar appointment-booking-calendar Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML. [ Reference URL ] LOW
CVE-2020-9372 2020-03-05 02:15:00 Appointment booking calendar appointment-booking-calendar The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection. [ Reference URL ] MEDIUM
CVE-2020-9459 2020-02-29 04:15:00 Modern events calendar lite modern-events-calendar-lite Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mec_save_notifications and import_settings. [ Reference URL ] LOW
CVE-2020-9466 2020-02-29 03:15:00 Export users to csv export-users-to-csv The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection. [ Reference URL ] MEDIUM
CVE-2020-9393 2020-02-26 02:15:00 Pricing table by supsystic pricing-table-by-supsystic An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS. [ Reference URL ] MEDIUM
CVE-2020-9394 2020-02-26 02:15:00 Pricing table by supsystic pricing-table-by-supsystic An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF. [ Reference URL ] MEDIUM
CVE-2020-9019 2020-02-26 01:15:00 Wpjobboard wpjobboard The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via the Add Job form, as demonstrated by title and Description. [ Reference URL ] MEDIUM
CVE-2020-9334 2020-02-26 00:15:00 Photo gallery photo-gallery A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow a authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users. [ Reference URL ] LOW
CVE-2020-9335 2020-02-26 00:15:00 Photo gallery photo-gallery Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users. [ Reference URL ] LOW
CVE-2020-5244 2020-02-25 01:15:00 Buddypress buddypress In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2. [ Reference URL ] MEDIUM
CVE-2020-9003 2020-02-21 05:15:00 Modula image gallery modula-image-gallery A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users. [ Reference URL ] LOW
CVE-2020-5530 2020-02-18 13:15:00 Easy property listings easy-property-listings Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors. [ Reference URL ] MEDIUM
CVE-2020-9043 2020-02-18 00:15:00 Wpcentral wpcentral The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key. [ Reference URL ] HIGH
CVE-2020-6850 2020-02-17 23:15:00 Saml sp single sign on saml-sp-single-sign-on Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element. [ Reference URL ] MEDIUM
CVE-2020-9006 2020-02-17 22:15:00 Popup builder popup-builder The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator account, leading to possible Remote Code Execution because Administrators can run PHP code on Wordpress instances. (This issue has been fixed in the 3.x branch of popup-builder.) [ Reference URL ] HIGH
CVE-2020-8594 2020-02-15 03:15:00 Ninja forms ninja-forms The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. [ Reference URL ] LOW
CVE-2020-8596 2020-02-11 19:15:00 Participants database participants-database participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met). [ Reference URL ] MEDIUM
CVE-2020-8771 2020-02-07 00:15:00 Wp time capsule wp-time-capsule The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts. [ Reference URL ] HIGH
CVE-2020-8772 2020-02-07 00:15:00 Infinitewp client infinitewp-client The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in. [ Reference URL ] HIGH
CVE-2020-8658 2020-02-06 10:15:00 Htaccess htaccess The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In this way, an attacker is able to direct the victim to a malicious web page that modifies the .htaccess file, and takes control of the website. [ Reference URL ] MEDIUM
CVE-2020-8615 2020-02-05 03:15:00 Tutor lms tutor-lms A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors). [ Reference URL ] LOW
CVE-2020-8549 2020-02-04 00:15:00 Strong testimonials strong-testimonials Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens. [ Reference URL ] MEDIUM
CVE-2020-8498 2020-01-31 06:15:00 Gistpress gistpress XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability). [ Reference URL ] LOW
CVE-2020-8426 2020-01-29 06:15:00 Elementor page builder elementor-page-builder The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user. [ Reference URL ] LOW
CVE-2020-8417 2020-01-29 04:15:00 Code snippets code-snippets The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu. [ Reference URL ] MEDIUM
CVE-2020-7109 2020-01-23 00:15:00 Elementor page builder elementor-page-builder The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template. [ Reference URL ] HIGH
CVE-2020-7228 2020-01-22 22:15:00 Calculated fields form calculated-fields-form The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user. [ Reference URL ] LOW
CVE-2020-6849 2020-01-22 02:15:00 Marketo forms and tracking marketo-forms-and-tracking The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketo_fat CSRF with resultant XSS. [ Reference URL ] MEDIUM
CVE-2020-7239 2020-01-21 12:15:00 Chatbot with ibm watson chatbot-with-ibm-watson The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent. [ Reference URL ] MEDIUM
CVE-2020-7241 2020-01-21 03:15:00 Wp database backup wp-database-backup The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL. [ Reference URL ] MEDIUM
CVE-2020-7104 2020-01-18 06:15:00 Chained quiz chained-quiz The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter. [ Reference URL ] MEDIUM
CVE-2020-7047 2020-01-17 04:15:00 Wp database reset wp-database-reset The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table. [ Reference URL ] MEDIUM
CVE-2020-7048 2020-01-17 04:15:00 Wp database reset wp-database-reset The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI. [ Reference URL ] MEDIUM
CVE-2020-7107 2020-01-16 12:15:00 Ultimate faq ultimate-faq The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php. [ Reference URL ] MEDIUM
CVE-2020-7108 2020-01-16 12:15:00 Learndash learndash The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field. [ Reference URL ] MEDIUM
CVE-2020-6859 2020-01-14 00:15:00 Ultimate member ultimate-member Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image. [ Reference URL ] MEDIUM
CVE-2020-6166 2020-01-10 03:15:00 Minimal coming soon & maintenance mode minimal-coming-soon-&-maintenance-mode A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes. [ Reference URL ] MEDIUM
CVE-2020-6168 2020-01-10 03:15:00 Minimal coming soon & maintenance mode minimal-coming-soon-&-maintenance-mode A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the availability and confidentiality of a vulnerable site, along with the integrity of the setting). [ Reference URL ] MEDIUM
CVE-2020-6167 2020-01-10 02:15:00 Minimal coming soon & maintenance mode minimal-coming-soon-&-maintenance-mode A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote files as a logo. [ Reference URL ] MEDIUM