The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow high privilege users such as…

The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information in its log files (which are publicly accessible), including DeepL API key.…

The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL…

The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation. Zafiyet ile ilgili Genel Bilgi,…

The Evaluate WordPress plugin through 1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform…

The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users…

The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin…

The function check_is_login_page() uses headers for the IP check, which can be easily spoofed. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku…

The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the…

An API Endpoint used by Miele’s “AppWash” MobileApp in all versions was vulnerable to an authorization bypass. A low privileged, remote attacker would have been…