Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (68 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-48835 | 2 Awesomemotive, Wordpress | 2 Contact Form By Wpforms, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions. | ||||
| CVE-2026-54190 | 2 Awesomemotive, Wordpress | 2 Envira Photo Gallery, Wordpress | 2026-06-23 | 6.5 Medium |
| Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions. | ||||
| CVE-2026-39503 | 2 Awesomemotive, Wordpress | 2 Easy Digital Downloads, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions. | ||||
| CVE-2026-9059 | 2 Awesomemotive, Wordpress | 2 Nextgen Gallery, Wordpress | 2026-05-20 | N/A |
| NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function ('_clean_column()') in the data mapper layer that uses a character blacklist instead of a whitelist approach. This allows an authenticated attacker with the 'NextGEN Gallery overview' capability (assigned to the Administrator role by default) to inject arbitrary SQL into the 'ORDER BY' clause. | ||||
| CVE-2023-40005 | 1 Awesomemotive | 1 Easy Digital Downloads | 2026-04-29 | 5.3 Medium |
| Missing Authorization vulnerability in Syed Balkhi Easy Digital Downloads easy-digital-downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through <= 3.1.5. | ||||
| CVE-2023-51684 | 1 Awesomemotive | 1 Easy Digital Downloads | 2026-04-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Digital Downloads Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) allows Stored XSS.This issue affects Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy): from n/a through 3.2.5. | ||||
| CVE-2022-33900 | 1 Awesomemotive | 1 Easy Digital Downloads | 2026-04-28 | 4.1 Medium |
| PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. | ||||
| CVE-2025-2252 | 1 Awesomemotive | 1 Easy Digital Downloads | 2026-04-22 | 5.3 Medium |
| The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extract private post titles of downloads. The impact here is minimal. | ||||
| CVE-2025-4670 | 1 Awesomemotive | 1 Easy Digital Downloads | 2026-04-21 | 6.4 Medium |
| The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-3081 | 1 Awesomemotive | 1 Wp Mail Logging | 2026-04-08 | 7.2 High |
| The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: An incomplete fix was released in 1.11.1. | ||||
| CVE-2024-12875 | 1 Awesomemotive | 1 Easy Digital Downloads | 2026-04-08 | 4.9 Medium |
| The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2024-6692 | 1 Awesomemotive | 1 Easy Digital Downloads | 2026-04-08 | 3.3 Low |
| The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-2302 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Easy Digital Downloads | 2026-04-08 | 5.3 Medium |
| The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII. | ||||
| CVE-2024-0659 | 1 Awesomemotive | 1 Easy Digital Downloads | 2026-04-08 | 5.5 Medium |
| The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manger-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-13517 | 1 Awesomemotive | 1 Easy Digital Downloads | 2026-04-08 | 4.4 Medium |
| The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2022-2439 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Easy Digital Downloads | 2026-04-08 | 7.2 High |
| The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative users to call files using a PHAR wrapper, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. | ||||
| CVE-2024-6691 | 1 Awesomemotive | 1 Easy Digital Downloads | 2026-04-08 | 4.4 Medium |
| The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2020-11738 | 1 Awesomemotive | 1 Duplicator | 2026-02-02 | 7.5 High |
| The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init. | ||||
| CVE-2018-7543 | 1 Awesomemotive | 1 Duplicator | 2026-02-02 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter. | ||||
| CVE-2018-25095 | 1 Awesomemotive | 1 Duplicator | 2026-02-02 | 9.8 Critical |
| The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server. | ||||