WordPress - HackerOne Reports
View on HackerOne
Total Reports: 82 (Critical: 4, High: 18, Medium: 31, Low: 19)
pre-auth Stored XSS in comments via javascript: url when administrator edits user supplied comment
Reported by: simonscannell | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored
[mercantile.wordpress.org] Reflected XSS
Reported by: zeeshank | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected
CSRF in Profile Fields allows deleting any field in BuddyPress
Reported by: hoangkien1020 | Disclosed: | Severity: Medium | Weakness: Cross-Site Request Forgery (CSRF)
Lack of Password Confirmation when Changing Password and Email
Reported by: 0xspade | Disclosed:
wp-embed XSS on Safari
Reported by: zoczus | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - DOM
Administrator(s) Information disclosure via JSON on wordpress.org
Reported by: 596a96cc7bf9108cd896f33c4 | Disclosed: | Severity: Medium | Weakness: Information Disclosure
Multiple stored XSS in WordPress
Reported by: opnsec | Disclosed: | Weakness: Cross-site Scripting (XSS) - Stored
XSS in the search bar of mercantile.wordpress.org
Reported by: codertom | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected
WordPress Automatic Update Protocol Does Not Authenticate Updates Provided by the Server
Reported by: paragonie-scott | Disclosed: | Severity: High | Weakness: Cryptographic Issues - Generic
XSS - Reflected
Reported by: arunthelegion | Disclosed: | Severity: Low | Weakness: Cross-site Scripting (XSS) - Reflected
Potential unprivileged Stored XSS through wp_targeted_link_rel
Reported by: simonscannell | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored
Clickjacking in jobs.wordpress.net
Reported by: zeeshan_waheed | Disclosed: | Severity: Low | Weakness: UI Redressing (Clickjacking)
Infrastructure - Photon - SSRF
Reported by: skansing | Disclosed: | Severity: Medium | Weakness: Server-Side Request Forgery (SSRF)
Parameter tampering: Price Manipulation of Products
Reported by: ashketchum | Disclosed: | Weakness: Business Logic Errors
Privilege Escalation in BuddyPress core allows Moderate to Administrator
Reported by: hoangkien1020 | Disclosed: | Severity: Medium
Improper Access Control in BuddyPress core allows reply, delete any user's activity
Reported by: hoangkien1020 | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic
XSS on support.wordcamp.org in ajax-quote.php
Reported by: mopman | Disclosed: | Weakness: Cross-site Scripting (XSS) - Reflected
WordPress DB Class, bad implementation of prepare method guides to SQLi and information disclosure
Reported by: b258ea62bf297b02afa9854 | Disclosed: | Severity: Critical | Weakness: SQL Injection
XSS via unicode characters in upload filename
Reported by: kahoots | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Generic
Missing Authorization on Private Message replies (BuddyPress)
Reported by: klmunday | Disclosed: | Severity: Low | Weakness: Improper Access Control - Generic