CVE-2026-8089 weMail < 2.1.3 - Reflected Cross-Site Scripting

The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated...

WordPress Transposh Translation <1.0.8 - Cross-Site Scripting

WordPress Transposh Translation plugin before 1.0.8 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the a parameter via an AJAX action available to both unauthenticated and authenticated users when the curl library is installed before outputting it back in...

HT Mega < 3.0.7 - Sensitive Information Disclosure

The HT Mega plugin for WordPress is vulnerable to Sensitive Information Exposure via AJAX actions. This template dynamically extracts the security nonce before exploitation. id: CVE-2026-4106 info: name: HT Mega 3.0.7 - Sensitive Information Disclosure author: EFETR severity: high description: |...

Combo Blocks < 2.2.76 - Improper Access Control

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts id:...

MLflow Job API - Authentication Bypass

MLflow latest version contains an authentication bypass caused by unprotected FastAPI job endpoints under /ajax-api/3.0/jobs/ when basic-auth is enabled, letting unauthenticated network clients submit and manage jobs, exploit requires job execution enabled and allowlisted job functions. id:...

WCAPF WooCommerce Ajax Product Filter - SQL Injection

WCAPF WooCommerce Ajax Product Filter = 4.2.3 contains a time-based SQL injection caused by insufficient escaping of the 'post-author' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-3396 info: name: WCAPF WooCommerce Ajax Product Filter ...

WCFM Membership <= 2.10.0 - Broken Access Control

The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks true the AJAX actions: wcfm-memberships, wcfm-memberships-manage, and wcfm-memberships-settings. id: CVE-2022-4940 info:...

ARMember < 3.4.8 - Unauthenticated Admin Account Takeover

The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover even the administrator due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username. id:...

Ubigeo de Peru < 3.6.4 - SQL Injection

The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections. id: CVE-2022-0814 info: name: Ubigeo de Peru 3.6.4 - SQL Injection author: r3Y3r53...

EventON <= 2.1 - Missing Authorization

The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id. id: CVE-2023-2796 info: name: EventON = 2.1 - Missing Authorizati...

CZ Loan Management <= 1.1 - SQL Injection

The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. id: CVE-2024-5975 info: name: CZ Loan Management = 1.1 - SQL Injection author...

WordPress Ninja Forms <3.4.34 - Open Redirect

WordPress Ninja Forms plugin before 3.4.34 contains an open redirect vulnerability via the wpajaxnfoauthconnect AJAX action, due to the use of a user-supplied redirect parameter and no protection in place. An attacker can redirect a user to a malicious site and possibly obtain sensitive...

WordPress Super Socializer <7.13.30 - Cross-Site Scripting

WordPress Super Socializer plugin before 7.13.30 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the urls parameter in its thechampsharingcount AJAX action available to both unauthenticated and authenticated users before outputting it back in the response...

WordPress Shareaholic <9.7.6 - Information Disclosure

WordPress Shareaholic plugin prior to 9.7.6 is susceptible to information disclosure. The plugin does not have proper authorization check in one of the AJAX actions, available to both unauthenticated before 9.7.5 and authenticated in 9.7.5 users, allowing them to possibly obtain sensitive...

WordPress AJAX Random Post <=2.00 - Cross-Site Scripting

WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting. id: CVE-2016-1000127 info: name: WordPress AJAX Random Post =2.00 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting...

The Events Calendar < 6.4.0.1 - Cross-site Scripting

The Events Calendar WordPress plugin 6.4.0.1 contains a stored XSS caused by improper sanitization of user-submitted content when rendering views via AJAX, letting attackers execute scripts in the context of the affected site. Exploitation requires user interaction. id: CVE-2024-4180 info: name:...

WordPress JNews Theme <8.0.6 - Cross-Site Scripting

WordPress JNews theme before 8.0.6 contains a reflected cross-site scripting vulnerability. It does not sanitize the catid parameter in the POST request /?ajax-request=jnews with action=jnewsbuildmegacategory. id: CVE-2021-24342 info: name: WordPress JNews Theme =8.0.6 to mitigate the XSS...

Cryptocurrency Widgets Pack < 2.0 - SQL Injection

The plugin does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. id: CVE-2022-4059 info: name: Cryptocurrency Widgets Pack 2.0 - SQL Injection author: r3Y3r53 severity: critical description...

WordPress Directorist <7.3.1 - Information Disclosure

WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users. id: CVE-2022-2376 info: name: WordPress Directorist 7.3.1 - Information Disclosure...

SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure

The plugin does not ensure that users making. alive search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink id: CVE-2022-2535 info: name: SearchWP Live Ajax Search 1.6.2 -...