WordPress Plugin Vulnerabilities

Slug
Published
Title
Slug
gift-message-for-woocommerce
Published
2022-02-28
Title
Unauthorised AJAX Calls via Freemius
Slug
gift-message-for-woocommerce
Published
2023-07-18
Title
Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting
Slug
gift-message-for-woocommerce
Published
2025-03-27
Title
Gift Message for WooCommerce < 1.7.9 - Cross-Site Request Forgery
Slug
gift-up
Published
2023-11-03
Title
Gift Up Gift Cards for WordPress and WooCommerce < 2.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Slug
gift-up
Published
2023-12-04
Title
Gift Up < 2.22 - Settings Update via CSRF
Slug
gift-voucher
Published
2018-08-26
Title
Gift Voucher < 4.1.8 - Unauthenticated Blind SQL Injection
Slug
gift-voucher
Published
2023-03-22
Title
Gift Voucher < 4.3.3 - Subscriber+ SQLi
Slug
gift-voucher
Published
2024-04-12
Title
Gift Vouchers < 4.4.1 - Cross-Site Request Forgery
Slug
gift-voucher
Published
2024-10-30
Title
Gift Cards < 4.4.5 - Author+ Stored Cross-Site Scripting via SVG File Upload
Slug
gift-voucher
Published
2025-02-19
Title
Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) < 4.5.0 - Missing Authorization to Unauthenticated Price, Date, and Note Updates
Slug
giga-messenger-bots
Published
2025-01-14
Title
Giga Messenger Bots <= 2.3.1 - Reflected XSS
Slug
gigpress
Published
2014-08-01
Title
GigPress 2.1.10 - Stored Cross-Site Scripting (XSS)
Slug
gigpress
Published
2015-05-25
Title
GigPress <= 2.3.8 - Authenticated SQL Injection
Slug
gigpress
Published
2015-08-24
Title
GigPress <= 2.3.10 - Authenticated XSS & Blind SQLi
Slug
gigpress
Published
2023-01-18
Title
GigPress < 2.3.28 - Contributor+ Stored XSS via Shortcode
Slug
gigpress
Published
2023-02-06
Title
GigPress <= 2.3.28 - Subscriber+ SQLi
Slug
gigpress
Published
2024-01-19
Title
GigPress <= 2.3.29 - Admin+ Stored Cross Site Scripting
Slug
giphypress
Published
2024-04-29
Title
Giphypress <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Slug
gistpress
Published
2020-01-31
Title
GistPress < 3.0.2 - Authenticated Stored XSS
Slug
git-sync
Published
2024-12-11
Title
GitSync <= 1.1.0 - Cross-Site Request Forgery to Remote Code Execution
Slug
github-gist-shortcode
Published
2025-11-10
Title
GitHub Gist Shortcode Plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Slug
give
Published
2015-04-20
Title
Give - Cross-Site Scripting (XSS)
Slug
give
Published
2019-02-05
Title
Give <= 2.3.0 - Cross-Site Scripting (XSS)
Slug
give
Published
2019-08-12
Title
Give <= 2.5.0 - SQL Injection
Slug
give
Published
2019-05-15
Title
Give < 2.4.7 - Stored XSS