Vulnerability Name CVE Severity
WordPress Plugin Zoho Marketing Automation SQL Injection (1.2.7) CVE-2024-37225
WordPress Plugin Zoho SalesIQ Multiple Vulnerabilities (1.0.8) CVE-2019-5962 CVE-2019-5963 CVE-2019-15644 CVE-2019-15645
WordPress Plugin ZooEffect for Video player Photo Gallery Slideshow jQuery and audio/music/podcast-HTML Cross-Site Scripting (1.01) CVE-2011-5180
WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Arbitrary File Upload (2.0)
WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Directory Traversal (6.45) CVE-2021-39316
WordPress Plugin Zotpress 'citation' Parameter Cross-Site Scripting (2.6.1)
WordPress Plugin Zotpress 'zotpress.rss.php' SQL Injection (4.4)
WordPress Plugin Zotpress SQL Injection (6.1.2) CVE-2016-1000217
WordPress Plugin ZTR Zeumic Work Timer Multiple Unspecified Vulnerabilities (1.0.6)
WordPress Plugin ZWM Zeumic Work Management Multiple Unspecified Vulnerabilities (1.0.11)
WordPress Plugin ZX_CSV Upload Multiple Vulnerabilities (1)
WordPress Possible Security Bypass Vulnerability (0.70 - 4.7.4) CVE-2017-8295
WordPress Possible SQL Injection Vulnerability (0.70 - 3.6.1) CVE-2017-16510
WordPress readme.html file
WordPress Resource Management Errors Vulnerability (CVE-2014-5265) CVE-2014-5265
WordPress Resource Management Errors Vulnerability (CVE-2014-5266) CVE-2014-5266
WordPress REST API User Enumeration
WordPress Same Origin Method Execution (SOME) Vulnerability (0.70 - 3.7.13) CVE-2016-4566
WordPress Server-Side Request Forgery (3.7 - 6.1.1) CVE-2022-3590
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2016-4029) CVE-2016-4029
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-9066) CVE-2017-9066
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-17669) CVE-2019-17669
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-17670) CVE-2019-17670
WordPress Super Socialat backdoor plugin
WordPress Theme OneTone: Unauthenticated Stored Cross-Site Scripting (XSS) CVE-2019-17230 CVE-2019-17231
WordPress Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2022-3590) CVE-2022-3590
WordPress Ultimate Member Plugin Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2020-6859) CVE-2020-6859
WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10673) CVE-2019-10673
WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-31216) CVE-2023-31216
WordPress Ultimate Member Plugin CVE-2019-10271 Vulnerability (CVE-2019-10271) CVE-2019-10271
WordPress Ultimate Member Plugin CVE-2020-36157 Vulnerability (CVE-2020-36157) CVE-2020-36157
WordPress Ultimate Member Plugin CVE-2020-36170 Vulnerability (CVE-2020-36170) CVE-2020-36170
WordPress Ultimate Member Plugin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-3361) CVE-2022-3361
WordPress Ultimate Member Plugin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-3966) CVE-2022-3966
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8354) CVE-2015-8354
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-9304) CVE-2015-9304
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10872) CVE-2016-10872
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-0585) CVE-2018-0585
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-6944) CVE-2018-6944
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-13136) CVE-2018-13136
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17866) CVE-2018-17866
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20965) CVE-2018-20965
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14945) CVE-2019-14945
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14946) CVE-2019-14946
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14947) CVE-2019-14947
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-24306) CVE-2021-24306
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-1208) CVE-2022-1208
WordPress Ultimate Member Plugin Improper Privilege Management Vulnerability (CVE-2020-36155) CVE-2020-36155
WordPress Ultimate Member Plugin Improper Privilege Management Vulnerability (CVE-2020-36156) CVE-2020-36156
WordPress Ultimate Member Plugin Other Vulnerability (CVE-2022-3383) CVE-2022-3383
WordPress Ultimate Member Plugin Other Vulnerability (CVE-2022-3384) CVE-2022-3384
WordPress Ultimate Member Plugin URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-1209) CVE-2022-1209
WordPress Ultimate Member Plugin Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10270) CVE-2019-10270
WordPress Uncontrolled Resource Consumption Vulnerability (CVE-2018-6389) CVE-2018-6389
WordPress Uncontrolled Resource Consumption Vulnerability (CVE-2023-22622) CVE-2023-22622
WordPress Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-14028) CVE-2018-14028
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-14725) CVE-2017-14725
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10100) CVE-2018-10100
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10101) CVE-2018-10101
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-16220) CVE-2019-16220
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-4048) CVE-2020-4048
WordPress Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2007-6013) CVE-2007-6013
WordPress Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2017-5493) CVE-2017-5493
WordPress Use of Insufficiently Random Values Vulnerability (CVE-2017-17091) CVE-2017-17091
WordPress User-Agent SQL Injection Vulnerability (1.5.2) CVE-2006-1012
WordPress username enumeration
WordPress user registration enabled
WordPress W3 Total Cache plugin predictable cache filenames CVE-2012-6077 CVE-2012-6078 CVE-2012-6079
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2014-6412) CVE-2014-6412
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2017-8295) CVE-2017-8295
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2020-11027) CVE-2020-11027
WordPress XML-RPC authentication brute force
WPEngine _wpeprivate/config.json information disclosure
WSO2 Management Console XSS (CVE-2022-29548) CVE-2022-29548
WS_FTP AHT Deserialization RCE (CVE-2023-40044) CVE-2023-40044