Export limit exceeded: 343725 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5341 | 1 Wpmudev | 1 Forminator Forms | 2026-04-08 | 6.4 Medium |
| The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id' and 'data-size’ parameters in all versions up to, and including, 1.44.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-10580 | 1 Wpmudev | 1 Hustle | 2026-04-08 | 5.3 Medium |
| The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submit_form() function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated attackers to submit unpublished forms. | ||||
| CVE-2025-4047 | 1 Wpmudev | 1 Broken Link Checker | 2026-04-08 | 4.3 Medium |
| The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view the plugin's status. | ||||
| CVE-2025-14782 | 2 Wordpress, Wpmudev | 2 Wordpress, Forminator Forms | 2026-04-08 | 5.3 Medium |
| The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.49.1 via the 'listen_for_csv_export' function. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with access to the Forminator dashboard, to export sensitive form submission data including personally identifiable information. | ||||
| CVE-2026-0911 | 2 Wordpress, Wpmudev | 2 Wordpress, Hustle | 2026-04-08 | 7.5 High |
| The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2. This makes it possible for authenticated attackers, with a lower-privileged role (e.g., Subscriber-level access and above), to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires an admin to grant Hustle module permissions (or module edit access) to the low-privileged user so they can access the Hustle admin page and obtain the required nonce. | ||||
| CVE-2024-43117 | 1 Wpmudev | 1 Hummingbird | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hummingbird hummingbird-performance.This issue affects Hummingbird: from n/a through <= 3.9.1. | ||||
| CVE-2024-37444 | 1 Wpmudev | 2 Defender, Defender Security | 2026-04-01 | 9.8 Critical |
| Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Defender Security defender-security.This issue affects Defender Security: from n/a through <= 4.7.1. | ||||
| CVE-2024-37239 | 1 Wpmudev | 1 Branda | 2026-04-01 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Branda branda-white-labeling.This issue affects Branda: from n/a through <= 3.4.17. | ||||
| CVE-2026-24998 | 2 Wordpress, Wpmudev | 2 Wordpress, Hustle | 2026-04-01 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data.This issue affects Hustle: from n/a through <= 7.8.9.2. | ||||
| CVE-2025-62048 | 2 Wordpress, Wpmudev | 2 Wordpress, Smartcrawl | 2026-04-01 | 5.4 Medium |
| Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform SmartCrawl smartcrawl-seo.This issue affects SmartCrawl: from n/a through <= 3.14.3. | ||||
| CVE-2025-22288 | 2 Wordpress, Wpmudev | 2 Wordpress, Smush Image Compression And Optimization | 2026-04-01 | 4.1 Medium |
| Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal.This issue affects Smush Image Compression and Optimization: from n/a through <= 3.17.0. | ||||
| CVE-2024-8492 | 1 Wpmudev | 1 Hustle | 2025-06-12 | 4.8 Medium |
| The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2023-47189 | 1 Wpmudev | 1 Defender | 2025-05-29 | 5.3 Medium |
| Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.2.0. | ||||
| CVE-2022-44581 | 1 Wpmudev | 1 Defender | 2025-05-28 | 5 Medium |
| Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2. | ||||
| CVE-2024-25595 | 1 Wpmudev | 1 Defender | 2025-05-28 | 5.3 Medium |
| Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass.This issue affects Defender Security: from n/a through 4.4.1. | ||||
| CVE-2023-51490 | 1 Wpmudev | 1 Defender Security | 2025-05-23 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0. | ||||
| CVE-2024-7052 | 1 Wpmudev | 1 Forminator Forms | 2025-05-14 | 4.8 Medium |
| The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-5089 | 1 Wpmudev | 1 Defender Security | 2025-04-23 | 5.3 Medium |
| The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled. | ||||
| CVE-2017-15079 | 1 Wpmudev | 1 Smush Image Compression And Optimization | 2025-04-20 | N/A |
| The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. | ||||
| CVE-2024-28890 | 2 Incsub, Wpmudev | 2 Forminator, Broken Link Checker | 2025-04-04 | 5.3 Medium |
| Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) condition. | ||||