CVE-2025-8481

CVE-2025-8481 concerns the WordPress plugin “Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid” (version ≤ 1.1.7). The issue is a Cross‑Site Request Forgery (CSRF) due to missing/incorrect nonce validation in the bdfe_install_activate_rswpbs_only function. The description states...

WordPress Blog Designer For Elementor plugin <= 1.1.7 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by wesley wcraft in WordPress Plugin Blog Designer For Elementor versions = 1.1.7...

PT-2025-37132

The Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.1.7. This is due to missing or incorrect nonce validation on the bdfe install activate rswpbs only function. This makes it possible for...

CVE-2025-47695

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...

CVE-2025-47694

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...

CVE-2025-47695

CVE-2025-47695 affects WordPress Blog Designer PRO (plugin)

CVE-2025-47694

CVE-2025-47694 affects the WordPress plugin Blog Designer PRO (versions up to 3.4.7). The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by improper input neutralization during web page generation. Several connected sources (Red Hat, NVD/CVE entries, Patchstack, PT-Software) corro...

CVE-2025-47695 WordPress Blog Designer PRO plugin <= 3.4.7 - Authenticated Non-Arbitrary Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...

CVE-2025-47694 WordPress Blog Designer PRO plugin <= 3.4.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...

CVE-2025-47695 WordPress Blog Designer PRO plugin <= 3.4.7 - Authenticated Non-Arbitrary Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...

PT-2025-36765

Name of the Vulnerable Software and Affected Versions: solwin Blog Designer PRO versions through 3.4.7 Description: The software contains an improper neutralization of input during web page generation, which may lead to cross-site scripting. Recommendations: Update solwin Blog Designer PRO to a...

WordPress plugin Blog Designer PRO 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-36766

Name of the Vulnerable Software and Affected Versions: solwin Blog Designer PRO versions through 3.4.7 Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion. This allows for the inclusion of remote files,...

WordPress plugin Blog Designer PRO 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Solwin Blog Designer PRO plugin file inclusion vulnerability

WordPress Solwin Blog Designer PRO plugin is a WordPress plugin, mainly used for customizing the design of blog pages, without coding to achieve a variety of style adjustments. A file inclusion vulnerability exists in the WordPress Solwin Blog Designer PRO plugin, which stems from not effectively...

CVE-2025-47696

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...

CVE-2025-47696 WordPress Blog Designer PRO plugin <= 3.4.7 - Unauthenticated Non-Arbitrary Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Solwin Blog Designer PRO.This issue affects Blog Designer PRO: from n/a through 3.4.7...

CVE-2025-47696

CVE-2025-47696 affects WordPress: Solwin Blog Designer PRO plugin, vulnerable through an improper control of the filename for include/require statements, enabling a PHP Remote File Inclusion. Affected versions are Blog Designer PRO up to 3.4.7. The root cause is local file inclusion via unfiltere...

CVE-2025-47696 WordPress Blog Designer PRO plugin <= 3.4.7 - Unauthenticated Non-Arbitrary Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...

PT-2025-35388

Name of the Vulnerable Software and Affected Versions: Solwin Blog Designer PRO versions through 3.4.7 Description: The software is susceptible to a PHP Remote File Inclusion issue due to improper control of filename for include/require statements. This allows for potential code execution...