WordPress - HackerOne Reports
Total reports: 82 (4 Critical, 18 High, 31 Medium, 19 Low)
Stored XSS on BuddyPress Plug-in via groups name
Reported by: yxw21 | Disclosed: | Severity: Low | Weakness: Cross-site Scripting (XSS) - Stored

"Bad Protocols Validation" Bypass in "wp_kses_bad_protocol_once" using HTML-encoding without trailing semicolons
Reported by: irsdl | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Generic

Reflected XSS: Taxonomy Converter via tax parameter
Reported by: foobar7 | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected

Authenticated users can edit, trash, and add new in BuddyPress Emails function
Reported by: hoangkien1020 | Disclosed: | Severity: Medium | Weakness: Privilege Escalation

[BuddyPress 2.9.1] Open Redirect via "wp_http_referer" parameter on "bp-profile-edit" endpoint
Reported by: ysx | Disclosed: | Severity: Low | Weakness: Open Redirect

CSRF to HTML Injection in Comments
Reported by: simonscannell | Disclosed: | Severity: High | Weakness: Cross-Site Request Forgery (CSRF)

Stored XSS on WordPress 5.3 via Title Post
Reported by: muhammaddaffa | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored

WordPress unzip_file path traversal
Reported by: ajxchapman | Disclosed: | Severity: Medium | Weakness: Violation of Secure Design Principles

CSRF on comment post
Reported by: lamscun | Disclosed: | Severity: Medium | Weakness: Cross-Site Request Forgery (CSRF)

Self-XSS in WordPress Editor Link Modal
Reported by: anas2024 | Disclosed: | Severity: Low | Weakness: Cross-site Scripting (XSS) - Generic

Logic flaw in the Post creation process allows creating posts with arbitrary types without needing the corresponding nonce
Reported by: simonscannell | Disclosed: | Severity: High | Weakness: Business Logic Errors

Lack of Sanitization and Insufficient Authentication
Reported by: rahulpratap | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

Reflected XSS on https://make.wordpress.org via 'channel' parameter
Reported by: gnux | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Reflected

Stored XSS in Post Preview as Contributor
Reported by: simonscannell | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

DOM Based XSS in mercantile.wordpress.org
Reported by: pabster | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - DOM

Unauthenticated WordPress Database Repair DoS
Reported by: wshadow | Disclosed: | Severity: High | Weakness: Uncontrolled Resource Consumption

plugins.trac.wordpress.org likely vulnerable to Cross Site Tracing (XST), TRACE HTTP method should be disabled
Reported by: geeknik | Disclosed: | Weakness: Violation of Secure Design Principles

Unauthenticated hidden groups disclosure via Ajax groups search
Reported by: jdgrimes | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic

Authenticated XXE
Reported by: sonarsource | Disclosed: | Severity: Medium | Weakness: XML External Entities (XXE)

BuddyPress 2.9.1 - Exceeding the maximum upload size - XSS leading to potential RCE
Reported by: skansing | Disclosed: | Severity: Medium