Vulnerability Name CVE Severity
WordPress Plugin OneLogin SAML SSO Security Bypass (2.2.0)
WordPress Plugin OneLogin SAML SSO Unspecified Vulnerability (2.1.8)
WordPress Plugin One page checkout and layouts for woocommerce Unspecified Vulnerability (2.7)
WordPress Plugin OnePress Social Locker Multiple Cross-Site Scripting Vulnerabilities (4.2.0)
WordPress Plugin OnePress Social Locker Multiple Unspecified Vulnerabilities (4.2.5)
WordPress Plugin OneSignal-Web Push Notifications Cross-Site Scripting (1.17.7) CVE-2019-15827
WordPress Plugin One User Avatar-User Profile Picture Multiple Vulnerabilities (2.3.6) CVE-2021-24672 CVE-2021-24675
WordPress Plugin One User Avatar-User Profile Picture Unspecified Vulnerability (2.3.8)
WordPress Plugin Online Hotel Booking System Pro Cross-Site Scripting (1.1) CVE-2020-15536
WordPress Plugin Online Hotel Booking System Pro SQL Injection (1.0)
WordPress Plugin Online Lesson Booking Multiple Vulnerabilities (0.8.6) CVE-2019-5972 CVE-2019-5973
WordPress Plugin On Page SEO + Social Live Chat (Formerly OPS) Cross-Site Scripting (1.0.1) CVE-2021-38332
WordPress Plugin Ooorl Cross-Site Scripting (1.0.0) CVE-2014-4542
WordPress Plugin Opal Estate Cross-Site Request Forgery (1.6.11)
WordPress Plugin open-flash-chart-core Remote Code Execution (0.4) CVE-2009-4140
WordPress Plugin Open Graph for Facebook, Google+ and Twitter Card Tags Cross-Site Scripting (2.2.4) CVE-2018-0579
WordPress Plugin Open Graph for Facebook, Google+ and Twitter Card Tags Unspecified Vulnerability (2.2.4.1)
WordPress Plugin OpenID Connect Generic Client Cross-Site Scripting (3.8.1) CVE-2021-24214
WordPress Plugin Opening Hours Cross-Site Scripting (2.3.0) CVE-2022-4752
WordPress Plugin OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) Cross-Site Scripting (1.1.1) CVE-2024-30450
WordPress Plugin OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) Supply Chain Attack [Polyfill.io] (1.1.2)
WordPress Plugin OPS Old Post Spinner 'ops_file' Parameter Local File Include (2.2.1)
WordPress Plugin Optimize images ALT Text (alt tag) & names for SEO using AI Cross-Site Request Forgery (2.0.7) CVE-2022-4548
WordPress Plugin OptionTree Cross-Site Scripting (2.5.3)
WordPress Plugin OptionTree Cross-Site Scripting (2.5.5)
WordPress Plugin OptionTree PHP Object Injection (2.6.0) CVE-2019-15319
WordPress Plugin OptionTree PHP Object Injection (2.7.2) CVE-2019-15320 CVE-2019-15321
WordPress Plugin oQey Gallery 'gal_id' Parameter SQL Injection (0.4.8)
WordPress Plugin oQey Gallery 'tbpv_domain' Parameter Cross-Site Scripting (0.2)
WordPress Plugin oQey Headers 'oqey_settings.php' SQL Injection (0.3)
WordPress Plugin Orbit Fox by ThemeIsle Multiple Vulnerabilities (2.10.2)
WordPress Plugin Order Export & Order Import for WooCommerce Cross-Site Request Forgery (1.6.0)
WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure (1.0.8)
WordPress Plugin Order XML File Export Import for WooCommerce Cross-Site Request Forgery (1.3.0)
WordPress Plugin Organizer Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (1.2.1) CVE-2012-6511 CVE-2012-6512
WordPress Plugin OSD Subscribe Cross-Site Scripting (1.2.3) CVE-2021-38351
WordPress Plugin OSM-OpenStreetMap SQL Injection (6.0.2) CVE-2024-3604
WordPress Plugin Otter-Gutenberg Blocks-Page Builder for Gutenberg Editor & FSE PHAR Deserialization (2.2.5) CVE-2023-2288
WordPress Plugin Our Team Showcase Cross-Site Request Forgery (1.2) CVE-2014-9523
WordPress Plugin P3 (Plugin Performance Profiler) Cross-Site Scripting (1.5.3.8)
WordPress Plugin Package Quantity Discount Security Bypass (1.1.2)
WordPress Plugin Page-list Cross-Site Scripting (5.2) CVE-2022-4485
WordPress Plugin Page and Post Clone Information Disclosure (1.1)
WordPress Plugin Page Animations And Transitions Unspecified Vulnerability (2.1.8)
WordPress Plugin Page Builder, Website Builder:Simply Symphony! & Flux Live!-Full Drag And Drop Front End Vi Cross-Site Scripting (0.2.7.9)
WordPress Plugin Page Builder:KingComposer-Free Drag and Drop page builder by King-Theme Arbitrary File Upload (2.7.4)
WordPress Plugin Page Builder:KingComposer-Free Drag and Drop page builder by King-Theme Cross-Site Scripting (2.7.6)
WordPress Plugin Page Builder:KingComposer-Free Drag and Drop page builder by King-Theme Cross-Site Scripting (2.7.9) CVE-2019-9910
WordPress Plugin Page Builder:KingComposer-Free Drag and Drop page builder by King-Theme Cross-Site Scripting (2.8.2)
WordPress Plugin Page Builder:KingComposer-Free Drag and Drop page builder by King-Theme Cross-Site Scripting (2.9.4) CVE-2020-15299
WordPress Plugin Page Builder:KingComposer-Free Drag and Drop page builder by King-Theme Multiple Vulnerabilities (2.9.2)
WordPress Plugin Page Builder:Live Composer Cross-Site Scripting (1.5.22) CVE-2022-4669
WordPress Plugin Page Builder:PageLayer-Drag and Drop website builder Cross-Site Request Forgery (1.1.1) CVE-2020-35944 CVE-2020-35947
WordPress Plugin Page Builder:PageLayer-Drag and Drop website builder Cross-Site Scripting (1.3.4)
WordPress Plugin Page Builder by SiteOrigin Cross-Site Request Forgery (2.10.15) CVE-2020-13642 CVE-2020-13643
WordPress Plugin Page Builder by SiteOrigin Cross-Site Scripting (2.0.4)
WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2) CVE-2008-5752
WordPress Plugin Page Generator Cross-Site Scripting (1.5.8)
WordPress Plugin Page Restrict Cross-Site Scripting (2.2.1)
WordPress Plugin Page Restrict Open Redirect (2.2.3)
WordPress Plugin Page Showcaser Boxes Cross-Site Scripting (1.1)
WordPress Plugin Page Visit Counter SQL Injection (4.0.9)
WordPress Plugin Pagination by BestWebSoft Cross-Site Scripting (1.0.6) CVE-2017-2171 CVE-2017-2171 CVE-2017-18527
WordPress Plugin Paid Business Listings Blind SQL Injection (1.0.2)
WordPress Plugin Paid Downloads 'download_key' Parameter SQL Injection (2.01)
WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Cross-Site Scripting (1.9.18)
WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Cross-Site Scripting (3.1.10) CVE-2021-24522
WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Cross-Site Scripting (3.2.15)
WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Cross-Site Scripting (4.5.3) CVE-2023-23996
WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Cross-Site Scripting (4.5.4) CVE-2023-23820
WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Multiple Cross-Site Scripting Vulnerabilities (3.2.2) CVE-2021-24954 CVE-2021-24955
WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Multiple Cross-Site Scripting Vulnerabilities (4.5.0) CVE-2022-4697 CVE-2022-4698
WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Multiple Vulnerabilities (3.1.3) CVE-2021-34621 CVE-2021-34622 CVE-2021-34623 CVE-2021-34624
WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress PHP Object Injection (4.3.2) CVE-2022-45083
WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions Insecure Direct Object Reference (3.0.4) CVE-2024-37277