Vulnerability Name CVE Severity
WordPress Plugin Zendesk Help Center by BestWebSoft Cross-Site Scripting (1.0.4) CVE-2017-2171
WordPress Plugin Zeno Font Resizer Cross-Site Scripting (1.7.9) CVE-2023-25442
WordPress Plugin Zephyr Project Manager Cross-Site Scripting (3.2.40) CVE-2022-1822
WordPress Plugin Zephyr Project Manager Multiple Vulnerabilities (3.2.42) CVE-2022-2840
WordPress Plugin Zero BS WordPress CRM Cross-Site Request Forgery (2.99.9)
WordPress Plugin Zero Spam SQL Injection (2.1.2)
WordPress Plugin Zibbra Cross-Site Scripting (1.7.0)
WordPress Plugin Zielke Specialized Catalog Arbitrary File Upload (3.0.7)
WordPress Plugin Zingiri Web Shop 'abspath' Parameter Remote File Include (2.4.6)
WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3)
WordPress Plugin Zingiri Web Shop 'uploadfilexd.php' Arbitrary File Upload (2.4.3)
WordPress Plugin Zingiri Web Shop 'wpabspath' Parameter Remote File Include (2.2.0)
WordPress Plugin Zingiri Web Shop Cookie Multiple SQL Injection Vulnerabilities (2.4.7)
WordPress Plugin Zingiri Web Shop Cross-Site Scripting (2.4.2)
WordPress Plugin Zingiri Web Shop Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (2.3.5)
WordPress Plugin Zingiri Web Shop Multiple Cross-Site Scripting Vulnerabilities (2.4.1) CVE-2012-6506
WordPress Plugin Zingiri Web Shop Unspecified Vulnerability (2.6.5)
WordPress Plugin Zip Attachments Arbitrary File Download (1.4) CVE-2015-4694
WordPress Plugin Zlick Paywall Security Bypass (2.2.1)
WordPress Plugin zM Ajax Login & Register Multiple Vulnerabilities (1.0.9) CVE-2015-4153 CVE-2015-4465
WordPress Plugin ZM Gallery SQL Injection (1.0)
WordPress Plugin Zoho CRM Lead Magnet Cross-Site Scripting (1.6.9.1) CVE-2019-19306
WordPress Plugin Zoho CRM Lead Magnet Cross-Site Scripting (1.7.2.8) CVE-2021-33849
WordPress Plugin Zoho CRM Lead Magnet Unspecified Vulnerability (1.7.2.9)
WordPress Plugin Zoho SalesIQ Multiple Vulnerabilities (1.0.8) CVE-2019-5962 CVE-2019-5963 CVE-2019-15644 CVE-2019-15645
WordPress Plugin ZooEffect for Video player Photo Gallery Slideshow jQuery and audio/music/podcast-HTML Cross-Site Scripting (1.01) CVE-2011-5180
WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Arbitrary File Upload (2.0)
WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Directory Traversal (6.45) CVE-2021-39316
WordPress Plugin Zotpress 'citation' Parameter Cross-Site Scripting (2.6.1)
WordPress Plugin Zotpress 'zotpress.rss.php' SQL Injection (4.4)
WordPress Plugin Zotpress SQL Injection (6.1.2) CVE-2016-1000217
WordPress Plugin ZTR Zeumic Work Timer Multiple Unspecified Vulnerabilities (1.0.6)
WordPress Plugin ZWM Zeumic Work Management Multiple Unspecified Vulnerabilities (1.0.11)
WordPress Plugin ZX_CSV Upload Multiple Vulnerabilities (1)
WordPress Possible Security Bypass Vulnerability (0.70 - 4.7.4) CVE-2017-8295
WordPress Possible SQL Injection Vulnerability (0.70 - 3.6.1) CVE-2017-16510
WordPress readme.html file
WordPress Resource Management Errors Vulnerability (CVE-2014-5265) CVE-2014-5265
WordPress Resource Management Errors Vulnerability (CVE-2014-5266) CVE-2014-5266
WordPress REST API User Enumeration
WordPress Same Origin Method Execution (SOME) Vulnerability (0.70 - 3.7.13) CVE-2016-4566
WordPress Server-Side Request Forgery (3.7 - 6.1.1) CVE-2022-3590
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-9066) CVE-2017-9066
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-17669) CVE-2019-17669
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-17670) CVE-2019-17670
WordPress Super Socialat backdoor plugin
WordPress Theme OneTone: Unauthenticated Stored Cross-Site Scripting (XSS) CVE-2019-17230 CVE-2019-17231
WordPress Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2022-3590) CVE-2022-3590
WordPress Uncontrolled Resource Consumption Vulnerability (CVE-2018-6389) CVE-2018-6389
WordPress Uncontrolled Resource Consumption Vulnerability (CVE-2023-22622) CVE-2023-22622
WordPress Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-14028) CVE-2018-14028
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-14725) CVE-2017-14725
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10100) CVE-2018-10100
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10101) CVE-2018-10101
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-16220) CVE-2019-16220
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-4048) CVE-2020-4048
WordPress Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2017-5493) CVE-2017-5493
WordPress Use of Insufficiently Random Values Vulnerability (CVE-2017-17091) CVE-2017-17091
WordPress User-Agent SQL Injection Vulnerability (1.5.2) CVE-2006-1012
WordPress username enumeration
WordPress user registration enabled
WordPress W3 Total Cache plugin predictable cache filenames CVE-2012-6077 CVE-2012-6078 CVE-2012-6079
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2014-6412) CVE-2014-6412
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2017-8295) CVE-2017-8295
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2020-11027) CVE-2020-11027
WordPress XML-RPC authentication brute force
WPEngine _wpeprivate/config.json information disclosure
WS_FTP AHT Deserialization RCE (CVE-2023-40044)
X-Forwarded-For HTTP header security bypass
Xdebug remote code execution via xdebug.remote_connect_back
XML entity injection
XML external entity injection
XML external entity injection (variant)
XML external entity injection and XML injection
XML External Entity Injection via external file