| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Missing Authorization vulnerability in WPDirectoryKit WP Directory Kit wpdirectorykit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Directory Kit: from n/a through <= 1.4.0. |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in CoSchedule CoSchedule coschedule-by-todaymade allows Retrieve Embedded Sensitive Data.This issue affects CoSchedule: from n/a through <= 3.3.11. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Potenzaglobalsolutions PGS Core pgs-core allows SQL Injection.This issue affects PGS Core: from n/a through <= 5.9.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in TangibleWP Vehica Core vehica-core allows Cross Site Request Forgery.This issue affects Vehica Core: from n/a through <= 1.0.100. |
| Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Conference Theme Custom Post Type: from n/a through < 2.6.4. |
| Cross-Site Request Forgery (CSRF) vulnerability in instapagedev Instapage Plugin instapage allows Cross Site Request Forgery.This issue affects Instapage Plugin: from n/a through <= 3.7.0. |
| Improper Control of Generation of Code ('Code Injection') vulnerability in YayCommerce YayCurrency yaycurrency allows Code Injection.This issue affects YayCurrency: from n/a through <= 3.3.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in grooni Groovy Menu groovy-menu-free allows Cross Site Request Forgery.This issue affects Groovy Menu: from n/a through <= 1.4.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi aThemes Addons for Elementor athemes-addons-for-elementor-lite allows Stored XSS.This issue affects aThemes Addons for Elementor: from n/a through <= 1.1.2. |
| Cross-Site Request Forgery (CSRF) vulnerability in javothemes Javo Core javo-core allows Authentication Bypass.This issue affects Javo Core: from n/a through <= 3.0.0.266. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows SQL Injection.This issue affects AllInOne - Banner Rotator: from n/a through <= 3.8. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider all-in-one-contentSlider allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Content Slider: from n/a through <= 3.8. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails all-in-one-thumbnailsBanner allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Banner with Thumbnails: from n/a through <= 3.8. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist all-in-one-bannerWithPlaylist allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Banner with Playlist: from n/a through <= 3.8. |
| Missing Authorization vulnerability in Roxnor EmailKit emailkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmailKit: from n/a through <= 1.6.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Ditty ditty-news-ticker allows Stored XSS.This issue affects Ditty: from n/a through <= 3.1.58. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Gallery Custom Links gallery-custom-links allows Stored XSS.This issue affects Gallery Custom Links: from n/a through <= 2.2.5. |
| Missing Authorization vulnerability in CridioStudio ListingPro listingpro-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.8. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syam Mohan WPFront User Role Editor wpfront-user-role-editor allows Stored XSS.This issue affects WPFront User Role Editor: from n/a through <= 4.2.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in duongancol Woostify woostify allows Stored XSS.This issue affects Woostify: from n/a through <= 2.4.2. |
