脆弱性情報一覧

お問い合わせ

WordPress脆弱性情報

WordPressのコア・テーマ・プラグインの
脆弱性情報を配信しています

脆弱性情報一覧

【plugin】『FuseDesk』(versions 6.7 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via successredirect Parameterの脆弱性

2025年4月24日(木) 9:33

重大性 6.4

【plugin】『Lottie Player- Great Lottie Player Solution』(versions 1.1.8 以下)　Authenticated (Author+) Stored Cross-Site Scripting via File Uploadの脆弱性

2025年4月24日(木) 9:33

重大性 6.4

【plugin】『Frontend Login and Registration Blocks』(versions 1.0.7 以下)　Authenticated (Subscriber+) Privilege Escalation via Password Resetの脆弱性

2025年4月24日(木) 9:33

重大性 8.8

【plugin】『Flynax Bridge』(versions 2.2.0 以下)　Unauthenticated Privilege Escalation via Account Takeoverの脆弱性

2025年4月24日(木) 9:33

重大性 9.8

【plugin】『Advanced Accordion Gutenberg Block』(versions 5.0.1 以下)　Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploadの脆弱性

2025年4月24日(木) 9:33

重大性 6.4

【plugin】『Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print)』(versions 4.1 以下)　Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosureの脆弱性

2025年4月24日(木) 9:33

重大性 4.3

【plugin】『My Tickets – Accessible Event Ticketing』(versions 2.0.16 以下)　Authenticated (Subscriber+) Privilege Escalationの脆弱性

2025年4月24日(木) 9:33

重大性 8.8

【plugin】『Mang Board WP』(versions 1.8.6 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via Board Header And Footerの脆弱性

2025年4月24日(木) 9:33

重大性 4.4

【plugin】『Configurator Theme Core』(versions 1.4.7 以下)　Authenticated (Subscriber+) Privilege Escalationの脆弱性

2025年4月24日(木) 9:33

重大性 8.8

【plugin】『Xelion Webchat』(versions 9.1.0 以下)　Authenticated (Subscriber+) Arbitrary Options Updateの脆弱性

2025年4月24日(木) 9:33

重大性 8.8

【plugin】『Database Toolset』(versions 1.8.4 以下)　Unauthenticated Arbitrary File Deletionの脆弱性

2025年4月24日(木) 9:33

重大性 9.1

【plugin】『WordPress Simple Shopping Cart』(versions 5.1.2 以下)　Unauthenticated Product Price Manipulationの脆弱性

2025年4月23日(水) 9:30

重大性 7.5

【plugin】『WordPress Simple Shopping Cart』(versions 5.1.2 以下)　Unauthenticated Information Exposure via file_url Parameterの脆弱性

2025年4月23日(水) 9:30

重大性 8.2

【plugin】『Tax Switch for WooCommerce』(versions 1.4.2 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via class-name Parameterの脆弱性

2025年4月22日(火) 9:30

重大性 6.4

【plugin】『Greenshift – animation and page builder blocks』(versions 11.4 – 11.4.5)　Authenticated (Subscriber+) Arbitrary File Uploadの脆弱性

2025年4月22日(火) 9:30

重大性 8.8

【plugin】『SB Chart block』(versions 1.2.6 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameterの脆弱性

2025年4月21日(月) 9:30

重大性 6.4

【plugin】『Download Manager』(versions 3.3.12 以下)　Authenticated (Author+) Arbitrary File Deletionの脆弱性

2025年4月21日(月) 9:30

重大性 8.8

【theme】『AI Hub – Startup & Technology WordPress Theme』(versions 1.3.7 以下)　Unauthenticated Arbitrary File Upload in generate_imageの脆弱性

2025年4月21日(月) 9:30

重大性 9.8

【plugin】『Download Manager』(versions 3.3.12 以下)　Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploadの脆弱性

2025年4月18日(金) 9:31

重大性 5.4

【plugin】『Login Manager – Design Login Page, View Login Activity, Limit Login Attempts』(versions 2.0.5 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via Custom URLの脆弱性

2025年4月18日(金) 9:31

重大性 4.4

前の20記事

次の20記事

前の20記事 1 2 … 349 次の20記事

脆弱性情報一覧

【plugin】『Custom Admin-Bar Favorites』(versions 0.1 以下)　Reflected Cross-Site Scriptingの脆弱性

2025年4月25日(金) 9:32

重大性 6.1

【plugin】『Ajax Comment Form CST』(versions 1.2 以下)　Cross-Site Request Forgery to Stored Cross-Site Scriptingの脆弱性

2025年4月25日(金) 9:32

重大性 6.1

【plugin】『Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder』(versions 2.18.3 以下)　Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploadの脆弱性

2025年4月25日(金) 9:32

重大性 4.9

【plugin】『Add Google +1 (Plus one) social share Button』(versions 1.0.0 以下)　Cross-Site Request Forgery to Stored Cross-Site Scriptingの脆弱性

2025年4月25日(金) 9:32

重大性 6.1

【plugin】『Flynax Bridge』(versions 2.2.0 以下)　Unauthenticated Privilege Escalation via Password Updateの脆弱性

2025年4月24日(木) 9:33

重大性 9.8

【plugin】『Verification SMS with TargetSMS』(versions 1.5 以下)　Unauthenticated Limited Remote Code Executionの脆弱性

2025年4月24日(木) 9:33

重大性 8.3

【plugin】『Buddypress Force Password Change』(versions 0.1 以下)　Authenticated (Subscriber+) Account Takeover via Password Updateの脆弱性

2025年4月24日(木) 9:33

重大性 4.2

【plugin】『ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes』(versions 1.4.9 以下)　Authenticated (Subscriber+) SQL Injectionの脆弱性

2025年4月24日(木) 9:33

重大性 6.5

【theme】『Reales WP – Real Estate WordPress Theme』(versions 2.1.2 以下)　Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updatesの脆弱性

2025年4月24日(木) 9:33

重大性 5.3

【plugin】『WPMasterToolKit (WPMTK) – All in one plugin』(versions 1.15.0 以下)　Authenticated (Administrator+) to Arbitrary File Read and Writeの脆弱性

2025年4月24日(木) 9:33

重大性 7.2

前の10記事

次の10記事

前の10記事 1 2 … 698 次の10記事

注目記事

脆弱性情報を受け取る

WordPress脆弱性情報

脆弱性情報一覧

【plugin】『FuseDesk』(versions 6.7 以下) Authenticated (Contributor+) Stored Cross-Site Scripting via successredirect Parameterの脆弱性

【plugin】『Lottie Player- Great Lottie Player Solution』(versions 1.1.8 以下) Authenticated (Author+) Stored Cross-Site Scripting via File Uploadの脆弱性

【plugin】『Frontend Login and Registration Blocks』(versions 1.0.7 以下) Authenticated (Subscriber+) Privilege Escalation via Password Resetの脆弱性

【plugin】『Flynax Bridge』(versions 2.2.0 以下) Unauthenticated Privilege Escalation via Account Takeoverの脆弱性

【plugin】『Advanced Accordion Gutenberg Block』(versions 5.0.1 以下) Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploadの脆弱性

【plugin】『Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print)』(versions 4.1 以下) Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosureの脆弱性

【plugin】『My Tickets – Accessible Event Ticketing』(versions 2.0.16 以下) Authenticated (Subscriber+) Privilege Escalationの脆弱性

【plugin】『Mang Board WP』(versions 1.8.6 以下) Authenticated (Administrator+) Stored Cross-Site Scripting via Board Header And Footerの脆弱性

【plugin】『Configurator Theme Core』(versions 1.4.7 以下) Authenticated (Subscriber+) Privilege Escalationの脆弱性

【plugin】『Xelion Webchat』(versions 9.1.0 以下) Authenticated (Subscriber+) Arbitrary Options Updateの脆弱性

【plugin】『Database Toolset』(versions 1.8.4 以下) Unauthenticated Arbitrary File Deletionの脆弱性

【plugin】『WordPress Simple Shopping Cart』(versions 5.1.2 以下) Unauthenticated Product Price Manipulationの脆弱性

【plugin】『WordPress Simple Shopping Cart』(versions 5.1.2 以下) Unauthenticated Information Exposure via file_url Parameterの脆弱性

【plugin】『Tax Switch for WooCommerce』(versions 1.4.2 以下) Authenticated (Contributor+) Stored Cross-Site Scripting via class-name Parameterの脆弱性

【plugin】『Greenshift – animation and page builder blocks』(versions 11.4 – 11.4.5) Authenticated (Subscriber+) Arbitrary File Uploadの脆弱性

【plugin】『SB Chart block』(versions 1.2.6 以下) Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameterの脆弱性

【plugin】『Download Manager』(versions 3.3.12 以下) Authenticated (Author+) Arbitrary File Deletionの脆弱性

【theme】『AI Hub – Startup & Technology WordPress Theme』(versions 1.3.7 以下) Unauthenticated Arbitrary File Upload in generate_imageの脆弱性

【plugin】『Download Manager』(versions 3.3.12 以下) Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploadの脆弱性

【plugin】『Login Manager – Design Login Page, View Login Activity, Limit Login Attempts』(versions 2.0.5 以下) Authenticated (Administrator+) Stored Cross-Site Scripting via Custom URLの脆弱性

脆弱性情報一覧

【plugin】『Custom Admin-Bar Favorites』(versions 0.1 以下) Reflected Cross-Site Scriptingの脆弱性

【plugin】『Ajax Comment Form CST』(versions 1.2 以下) Cross-Site Request Forgery to Stored Cross-Site Scriptingの脆弱性

【plugin】『Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder』(versions 2.18.3 以下) Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploadの脆弱性

【plugin】『Add Google +1 (Plus one) social share Button』(versions 1.0.0 以下) Cross-Site Request Forgery to Stored Cross-Site Scriptingの脆弱性

【plugin】『Flynax Bridge』(versions 2.2.0 以下) Unauthenticated Privilege Escalation via Password Updateの脆弱性

【plugin】『Verification SMS with TargetSMS』(versions 1.5 以下) Unauthenticated Limited Remote Code Executionの脆弱性

【plugin】『Buddypress Force Password Change』(versions 0.1 以下) Authenticated (Subscriber+) Account Takeover via Password Updateの脆弱性

【plugin】『ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes』(versions 1.4.9 以下) Authenticated (Subscriber+) SQL Injectionの脆弱性

【theme】『Reales WP – Real Estate WordPress Theme』(versions 2.1.2 以下) Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updatesの脆弱性

【plugin】『WPMasterToolKit (WPMTK) – All in one plugin』(versions 1.15.0 以下) Authenticated (Administrator+) to Arbitrary File Read and Writeの脆弱性

注目記事

【plugin】『FuseDesk』(versions 6.7 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via successredirect Parameterの脆弱性

【plugin】『Lottie Player- Great Lottie Player Solution』(versions 1.1.8 以下)　Authenticated (Author+) Stored Cross-Site Scripting via File Uploadの脆弱性

【plugin】『Frontend Login and Registration Blocks』(versions 1.0.7 以下)　Authenticated (Subscriber+) Privilege Escalation via Password Resetの脆弱性

【plugin】『Flynax Bridge』(versions 2.2.0 以下)　Unauthenticated Privilege Escalation via Account Takeoverの脆弱性

【plugin】『Advanced Accordion Gutenberg Block』(versions 5.0.1 以下)　Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploadの脆弱性

【plugin】『Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print)』(versions 4.1 以下)　Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosureの脆弱性

【plugin】『My Tickets – Accessible Event Ticketing』(versions 2.0.16 以下)　Authenticated (Subscriber+) Privilege Escalationの脆弱性

【plugin】『Mang Board WP』(versions 1.8.6 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via Board Header And Footerの脆弱性

【plugin】『Configurator Theme Core』(versions 1.4.7 以下)　Authenticated (Subscriber+) Privilege Escalationの脆弱性

【plugin】『Xelion Webchat』(versions 9.1.0 以下)　Authenticated (Subscriber+) Arbitrary Options Updateの脆弱性

【plugin】『Database Toolset』(versions 1.8.4 以下)　Unauthenticated Arbitrary File Deletionの脆弱性

【plugin】『WordPress Simple Shopping Cart』(versions 5.1.2 以下)　Unauthenticated Product Price Manipulationの脆弱性

【plugin】『WordPress Simple Shopping Cart』(versions 5.1.2 以下)　Unauthenticated Information Exposure via file_url Parameterの脆弱性

【plugin】『Tax Switch for WooCommerce』(versions 1.4.2 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via class-name Parameterの脆弱性

【plugin】『Greenshift – animation and page builder blocks』(versions 11.4 – 11.4.5)　Authenticated (Subscriber+) Arbitrary File Uploadの脆弱性

【plugin】『SB Chart block』(versions 1.2.6 以下)　Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameterの脆弱性

【plugin】『Download Manager』(versions 3.3.12 以下)　Authenticated (Author+) Arbitrary File Deletionの脆弱性

【theme】『AI Hub – Startup & Technology WordPress Theme』(versions 1.3.7 以下)　Unauthenticated Arbitrary File Upload in generate_imageの脆弱性

【plugin】『Download Manager』(versions 3.3.12 以下)　Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploadの脆弱性

【plugin】『Login Manager – Design Login Page, View Login Activity, Limit Login Attempts』(versions 2.0.5 以下)　Authenticated (Administrator+) Stored Cross-Site Scripting via Custom URLの脆弱性

【plugin】『Custom Admin-Bar Favorites』(versions 0.1 以下)　Reflected Cross-Site Scriptingの脆弱性

【plugin】『Ajax Comment Form CST』(versions 1.2 以下)　Cross-Site Request Forgery to Stored Cross-Site Scriptingの脆弱性

【plugin】『Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder』(versions 2.18.3 以下)　Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploadの脆弱性

【plugin】『Add Google +1 (Plus one) social share Button』(versions 1.0.0 以下)　Cross-Site Request Forgery to Stored Cross-Site Scriptingの脆弱性

【plugin】『Flynax Bridge』(versions 2.2.0 以下)　Unauthenticated Privilege Escalation via Password Updateの脆弱性

【plugin】『Verification SMS with TargetSMS』(versions 1.5 以下)　Unauthenticated Limited Remote Code Executionの脆弱性

【plugin】『Buddypress Force Password Change』(versions 0.1 以下)　Authenticated (Subscriber+) Account Takeover via Password Updateの脆弱性

【plugin】『ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes』(versions 1.4.9 以下)　Authenticated (Subscriber+) SQL Injectionの脆弱性

【theme】『Reales WP – Real Estate WordPress Theme』(versions 2.1.2 以下)　Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updatesの脆弱性

【plugin】『WPMasterToolKit (WPMTK) – All in one plugin』(versions 1.15.0 以下)　Authenticated (Administrator+) to Arbitrary File Read and Writeの脆弱性