Vulnerability Name CVE Severity
WordPress Plugin Zip Attachments Arbitrary File Download (1.4) CVE-2015-4694
WordPress Plugin Zita Elementor Site Library Arbitrary File Upload (1.6.1) CVE-2024-37420
WordPress Plugin Zlick Paywall Security Bypass (2.2.1)
WordPress Plugin zM Ajax Login & Register Multiple Vulnerabilities (1.0.9) CVE-2015-4153 CVE-2015-4465
WordPress Plugin ZM Gallery SQL Injection (1.0) CVE-2016-10940
WordPress Plugin Zoho CRM Lead Magnet Cross-Site Scripting (1.6.9.1) CVE-2019-19306
WordPress Plugin Zoho CRM Lead Magnet Cross-Site Scripting (1.7.2.8) CVE-2021-33849
WordPress Plugin Zoho CRM Lead Magnet Unspecified Vulnerability (1.7.2.9)
WordPress Plugin Zoho Marketing Automation SQL Injection (1.2.7) CVE-2024-37225
WordPress Plugin Zoho SalesIQ Multiple Vulnerabilities (1.0.8) CVE-2019-5962 CVE-2019-5963 CVE-2019-15644 CVE-2019-15645
WordPress Plugin ZooEffect for Video player Photo Gallery Slideshow jQuery and audio/music/podcast-HTML Cross-Site Scripting (1.01) CVE-2011-5180
WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Arbitrary File Upload (2.0)
WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Directory Traversal (6.45) CVE-2021-39316
WordPress Plugin Zotpress 'citation' Parameter Cross-Site Scripting (2.6.1)
WordPress Plugin Zotpress 'zotpress.rss.php' SQL Injection (4.4)
WordPress Plugin Zotpress SQL Injection (6.1.2) CVE-2016-1000217
WordPress Plugin ZTR Zeumic Work Timer Multiple Unspecified Vulnerabilities (1.0.6)
WordPress Plugin ZWM Zeumic Work Management Multiple Unspecified Vulnerabilities (1.0.11)
WordPress Plugin ZX_CSV Upload Multiple Vulnerabilities (1)
WordPress Possible Security Bypass Vulnerability (0.70 - 4.7.4) CVE-2017-8295
WordPress Possible SQL Injection Vulnerability (0.70 - 3.6.1) CVE-2017-16510
WordPress Same Origin Method Execution (SOME) Vulnerability (0.70 - 3.7.13) CVE-2016-4566
WordPress Server-Side Request Forgery (3.7 - 6.1.1) CVE-2022-3590
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2016-4029) CVE-2016-4029
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-9066) CVE-2017-9066
WordPress Super Socialat backdoor plugin
WordPress Theme OneTone: Unauthenticated Stored Cross-Site Scripting (XSS) CVE-2019-17230 CVE-2019-17231
WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10673) CVE-2019-10673
WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-31216) CVE-2023-31216
WordPress Ultimate Member Plugin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-3966) CVE-2022-3966
WordPress Ultimate Member Plugin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-0308) CVE-2025-0308
WordPress Ultimate Member Plugin Improper Privilege Management Vulnerability (CVE-2020-36156) CVE-2020-36156
WordPress Ultimate Member Plugin Other Vulnerability (CVE-2022-3383) CVE-2022-3383
WordPress Ultimate Member Plugin Other Vulnerability (CVE-2022-3384) CVE-2022-3384
WordPress Ultimate Member Plugin Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10270) CVE-2019-10270
WordPress Uncontrolled Resource Consumption Vulnerability (CVE-2018-6389) CVE-2018-6389
WordPress Uncontrolled Resource Consumption Vulnerability (CVE-2023-22622) CVE-2023-22622
WordPress Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-14028) CVE-2018-14028
WordPress Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2017-5493) CVE-2017-5493
WordPress Use of Insufficiently Random Values Vulnerability (CVE-2017-17091) CVE-2017-17091
WordPress User-Agent SQL Injection Vulnerability (1.5.2) CVE-2006-1012
WordPress W3 Total Cache plugin predictable cache filenames CVE-2012-6077 CVE-2012-6078 CVE-2012-6079
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2014-6412) CVE-2014-6412
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2020-11027) CVE-2020-11027
WPEngine _wpeprivate/config.json information disclosure
WP Plugin Contact Form 7 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-6449) CVE-2023-6449
X-Forwarded-For HTTP header security bypass
Xdebug remote code execution via xdebug.remote_connect_back
XML entity injection
XML external entity injection
XML external entity injection (variant)
XML external entity injection and XML injection
XML External Entity Injection via external file
XML external entity injection via File Upload
XML quadratic blowup denial of service attack
XOOPS CVE-2009-3963 Vulnerability (CVE-2009-3963) CVE-2009-3963
XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-0612) CVE-2008-0612
XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-3296) CVE-2008-3296
XOOPS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2002-2391) CVE-2002-2391
XOOPS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-0611) CVE-2008-0611
XOOPS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-4433) CVE-2008-4433
XOOPS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-5665) CVE-2008-5665
XOOPS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-7290) CVE-2017-7290
XOOPS Other Vulnerability (CVE-2005-0743) CVE-2005-0743
XOOPS Other Vulnerability (CVE-2005-2113) CVE-2005-2113
XOOPS Other Vulnerability (CVE-2007-0377) CVE-2007-0377
XPath injection vulnerability
XSLT injection
XWiki Cleartext Storage of Sensitive Information Vulnerability (CVE-2023-50719) CVE-2023-50719
XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-41927) CVE-2022-41927
XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-29213) CVE-2023-29213
XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-40572) CVE-2023-40572
XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-46242) CVE-2023-46242
XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-48293) CVE-2023-48293
XWiki CVE-2022-31166 Vulnerability (CVE-2022-31166) CVE-2022-31166