Vulnerability Name CVE Severity
WordPress Plugin OnePress Social Locker Multiple Unspecified Vulnerabilities (4.2.5)
WordPress Plugin OneSignal-Web Push Notifications Cross-Site Scripting (1.17.7) CVE-2019-15827
WordPress Plugin One User Avatar-User Profile Picture Multiple Vulnerabilities (2.3.6) CVE-2021-24672 CVE-2021-24675
WordPress Plugin One User Avatar-User Profile Picture Unspecified Vulnerability (2.3.8)
WordPress Plugin Online Hotel Booking System Pro Cross-Site Scripting (1.1) CVE-2020-15536
WordPress Plugin Online Hotel Booking System Pro SQL Injection (1.0)
WordPress Plugin Online Lesson Booking Multiple Vulnerabilities (0.8.6) CVE-2019-5972 CVE-2019-5973
WordPress Plugin On Page SEO + Social Live Chat (Formerly OPS) Cross-Site Scripting (1.0.1) CVE-2021-38332
WordPress Plugin Ooorl Cross-Site Scripting (1.0.0) CVE-2014-4542
WordPress Plugin Opal Estate Cross-Site Request Forgery (1.6.11)
WordPress Plugin open-flash-chart-core Remote Code Execution (0.4) CVE-2009-4140
WordPress Plugin Open Graph for Facebook, Google+ and Twitter Card Tags Cross-Site Scripting (2.2.4) CVE-2018-0579
WordPress Plugin Open Graph for Facebook, Google+ and Twitter Card Tags Unspecified Vulnerability (2.2.4.1)
WordPress Plugin OpenID Connect Generic Client Cross-Site Scripting (3.8.1) CVE-2021-24214
WordPress Plugin Opening Hours Cross-Site Scripting (2.3.0) CVE-2022-4752
WordPress Plugin OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) Cross-Site Scripting (1.1.1) CVE-2024-30450
WordPress Plugin OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) Supply Chain Attack [Polyfill.io] (1.1.2)
WordPress Plugin OPS Old Post Spinner 'ops_file' Parameter Local File Include (2.2.1)
WordPress Plugin Optimize images ALT Text (alt tag) & names for SEO using AI Cross-Site Request Forgery (2.0.7) CVE-2022-4548
WordPress Plugin OptionTree Cross-Site Scripting (2.5.3)
WordPress Plugin OptionTree Cross-Site Scripting (2.5.5)
WordPress Plugin OptionTree PHP Object Injection (2.6.0) CVE-2019-15319
WordPress Plugin OptionTree PHP Object Injection (2.7.2) CVE-2019-15320 CVE-2019-15321
WordPress Plugin oQey Gallery 'gal_id' Parameter SQL Injection (0.4.8)
WordPress Plugin oQey Gallery 'tbpv_domain' Parameter Cross-Site Scripting (0.2)
WordPress Plugin oQey Headers 'oqey_settings.php' SQL Injection (0.3)
WordPress Plugin Orbit Fox by ThemeIsle Multiple Vulnerabilities (2.10.2)
WordPress Plugin Order Export & Order Import for WooCommerce Cross-Site Request Forgery (1.6.0)
WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure (1.0.8)
WordPress Plugin Order XML File Export Import for WooCommerce Cross-Site Request Forgery (1.3.0)
WordPress Plugin Organizer Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (1.2.1) CVE-2012-6511 CVE-2012-6512
WordPress Plugin OSD Subscribe Cross-Site Scripting (1.2.3) CVE-2021-38351
WordPress Plugin OSM-OpenStreetMap SQL Injection (6.0.2) CVE-2024-3604
WordPress Plugin Otter-Gutenberg Blocks-Page Builder for Gutenberg Editor & FSE PHAR Deserialization (2.2.5) CVE-2023-2288
WordPress Plugin Our Team Showcase Cross-Site Request Forgery (1.2) CVE-2014-9523
WordPress Plugin P3 (Plugin Performance Profiler) Cross-Site Scripting (1.5.3.8)
WordPress Plugin Package Quantity Discount Security Bypass (1.1.2)
WordPress Plugin Page-list Cross-Site Scripting (5.2) CVE-2022-4485
WordPress Plugin Page and Post Clone Information Disclosure (1.1)
WordPress Plugin Page Animations And Transitions Unspecified Vulnerability (2.1.8)
WordPress Plugin Page Builder, Website Builder:Simply Symphony! & Flux Live!-Full Drag And Drop Front End Vi Cross-Site Scripting (0.2.7.9)
WordPress Plugin Page Builder:KingComposer-Free Drag and Drop page builder by King-Theme Arbitrary File Upload (2.7.4)
WordPress Plugin Page Builder:KingComposer-Free Drag and Drop page builder by King-Theme Cross-Site Scripting (2.7.6)
WordPress Plugin Page Builder:KingComposer-Free Drag and Drop page builder by King-Theme Cross-Site Scripting (2.7.9) CVE-2019-9910
WordPress Plugin Page Builder:KingComposer-Free Drag and Drop page builder by King-Theme Cross-Site Scripting (2.8.2)
WordPress Plugin Page Builder:KingComposer-Free Drag and Drop page builder by King-Theme Cross-Site Scripting (2.9.4) CVE-2020-15299
WordPress Plugin Page Builder:KingComposer-Free Drag and Drop page builder by King-Theme Multiple Vulnerabilities (2.9.2)
WordPress Plugin Page Builder:Live Composer Cross-Site Scripting (1.5.22) CVE-2022-4669
WordPress Plugin Page Builder:PageLayer-Drag and Drop website builder Cross-Site Request Forgery (1.1.1) CVE-2020-35944 CVE-2020-35947
WordPress Plugin Page Builder:PageLayer-Drag and Drop website builder Cross-Site Scripting (1.3.4)
WordPress Plugin Page Builder by SiteOrigin Cross-Site Request Forgery (2.10.15) CVE-2020-13642 CVE-2020-13643
WordPress Plugin Page Builder by SiteOrigin Cross-Site Scripting (2.0.4)
WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2) CVE-2008-5752
WordPress Plugin Page Generator Cross-Site Scripting (1.5.8)
WordPress Plugin Page Restrict Cross-Site Scripting (2.2.1)
WordPress Plugin Page Restrict Open Redirect (2.2.3)
WordPress Plugin Page Showcaser Boxes Cross-Site Scripting (1.1)
WordPress Plugin Page Visit Counter SQL Injection (4.0.9)
WordPress Plugin Pagination by BestWebSoft Cross-Site Scripting (1.0.6) CVE-2017-2171 CVE-2017-2171 CVE-2017-18527
WordPress Plugin Paid Business Listings Blind SQL Injection (1.0.2)
WordPress Plugin Paid Downloads 'download_key' Parameter SQL Injection (2.01)
WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Cross-Site Scripting (1.9.18)
WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Cross-Site Scripting (3.1.10) CVE-2021-24522
WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Cross-Site Scripting (3.2.15)
WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Cross-Site Scripting (4.5.3) CVE-2023-23996
WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Cross-Site Scripting (4.5.4) CVE-2023-23820
WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Multiple Cross-Site Scripting Vulnerabilities (3.2.2) CVE-2021-24954 CVE-2021-24955
WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Multiple Cross-Site Scripting Vulnerabilities (4.5.0) CVE-2022-4697 CVE-2022-4698
WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Multiple Vulnerabilities (3.1.3) CVE-2021-34621 CVE-2021-34622 CVE-2021-34623 CVE-2021-34624
WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress PHP Object Injection (4.3.2) CVE-2022-45083
WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions Insecure Direct Object Reference (3.0.4) CVE-2024-37277
WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions SQL Injection (2.9.11) CVE-2023-0631
WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions SQL Injection (3.0.5) CVE-2024-37486
WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions Unspecified Vulnerability (2.10.5)
WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions 'memberslist-csv.php' Information Disclosure (1.4.9)