98 matches found
News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion
The News & Blog Designer Pack WordPress plugin up to version 3.4.1 contains a remote code execution caused by local file inclusion in the bdpgetmorepost function, letting unauthenticated attackers include arbitrary PHP files, exploit requires AJAX request with crafted POST data. id: CVE-2023-5815...
EUVD-2026-29395
The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the wpsbdpostcarousel shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-4859
The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the wpsbdpostcarousel shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-4859
The CVE-2026-4859 entry pertains to the WordPress SP Blog Designer plugin, affected versions are all releases up to and including 1.0.0. The vulnerability is a Stored Cross-Site Scripting (XSS) via the design attribute of the wpsbd_post_carousel shortcode, caused by insufficient input sanitizatio...
WordPress plugin SP Blog Designer 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-39950
The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the wpsbd post carousel shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress SP Blog Designer plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin SP Blog Designer versions = 1.0.0...
WordPress Blog Designer - Post and Widget plugin <= 2.7.7 - Backdoor vulnerability
WordPress Blog Designer - Post and Widget plugin = 2.7.7 - Backdoor vulnerability discovered by ? in WordPress Plugin Blog Designer - Post and Widget versions = 2.7.7...
WordPress News and Blog Designer Bundle plugin <= 1.1 - Unauthenticated Local File Inclusion vulnerability
Unauthenticated Local File Inclusion vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin News and Blog Designer Bundle versions = 1.1...
CVE-2025-14502
The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1 via the template parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution...
CVE-2025-14502
News and Blog Designer Bundle (WordPress)
CVE-2025-14502 News and Blog Designer Bundle <= 1.1 - Unauthenticated Local File Inclusion
The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1 via the template parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution...
CVE-2025-58711
Missing Authorization vulnerability in solwin Blog Designer PRO blog-designer-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blog Designer PRO: from n/a through = 3.4.8...
EUVD-2025-36633
Missing Authorization vulnerability in solwin Blog Designer PRO blog-designer-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blog Designer PRO: from n/a through = 3.4.8...
CVE-2025-58711
Missing Authorization vulnerability in solwin Blog Designer PRO blog-designer-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blog Designer PRO: from n/a through = 3.4.8...
CVE-2025-58711 WordPress Blog Designer PRO plugin <= 3.4.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in solwin Blog Designer PRO blog-designer-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blog Designer PRO: from n/a through = 3.4.8...
CVE-2025-58711
CVE-2025-58711 affects the WordPress Blog Designer PRO plugin up to version 3.4.8. The root cause is missing authorization checking, allowing access to functionality not properly constrained by ACLs. Impact is unauthorized access to constrained features; exploitation status is not provided in the...
CVE-2025-58711 WordPress Blog Designer PRO plugin <= 3.4.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in solwin Blog Designer PRO blog-designer-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blog Designer PRO: from n/a through = 3.4.8...
PT-2025-44238
Name of the Vulnerable Software and Affected Versions solwin Blog Designer PRO versions through 3.4.8 Description A missing authorization issue exists in solwin Blog Designer PRO, allowing access to functionality that is not properly constrained by Access Control Lists ACLs. Recommendations Updat...
WordPress plugin Blog Designer PRO 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...