CVE-2024-13234

The Product Table by WBW plugin for WordPress is vulnerable to SQL Injection via the 'additionalCondition' parameter in all versions up to, and including, 2.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

WordPress Email Subscribers by Icegram Express 5.7.14 SQL Injection

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress and WooCommerce plugin for WordPress is vulnerable to SQL Injection via the run function of the IGESSubscribersQuery class in all versions up to, and including, 5.7.14 due to insufficient escaping on...

PT-2025-2081 · WordPress · Super Socializer

Name of the Vulnerable Software and Affected Versions: Super Socializer plugin for WordPress versions up to, and including, 7.14 Description: The issue is related to a Limited SQL Injection vulnerability via the SuperSocializerKey parameter. This vulnerability is caused by insufficient escaping o...

WordPress plugin Ultimate Member SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVE-2024-12615

The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb-prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool

As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client. "Attackers can take control of a malicious server and read/write arbitrary files of any connected...

WordPress plugin Elementor Addon Elements 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

WordPress Event Monster 1.4.3 Information Disclosure Vulnerability

CVE-2024-11396 Event monster = 1.4.3 - Information Exposure Via Visitors List Export Description The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Expor...

CVE-2024-11396 Event monster <= 1.4.3 - Information Exposure Via Visitors List Export

The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filena...

CVE-2024-11915

The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2024-12472 Post Duplicator <= 2.36 - Authenticated (Contributor+) Protected Post Disclosure

The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphrduplicatepost function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-lev...

PT-2025-1713 · WordPress · Rraddons For Elementor

Name of the Vulnerable Software and Affected Versions: RRAddons for Elementor plugin for WordPress version 1.1.0 and earlier Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts due to insufficient restrictions o...

WordPress plugin RRAddons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-12067 WP Travel – Ultimate Travel Booking System, Tour Management Engine <= 10.0.0 - Authenticated (Subscriber+) SQL Injection

The WP Travel – Ultimate Travel Booking System, Tour Management Engine plugin for WordPress is vulnerable to SQL Injection via the 'bookingitinerary' parameter of the 'wptravelgetbookingdata' function in all versions up to, and including, 10.0.0 due to insufficient escaping on the user supplied...

CVE-2024-12030 MDTF – Meta Data and Taxonomies Filter <= 1.3.3.5 - Authenticated (Contributor+) SQL Injection

The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdfvalue' shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2024-12159

The Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the printphpinformation.php being publicly accessible. This makes it possible for unauthenticated attackers to...

CVE-2024-12159 Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords <= 3.1 - Information Exposure

The Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the printphpinformation.php being publicly accessible. This makes it possible for unauthenticated attackers to...

BREACH Attack

ibexa/http-cache is vulnerable to the BREACH Attack. The vulnerability is due to improper handling of HTTP compression, allowing secrets to be extracted through carefully crafted requests...

CVE-2024-12335

The Avada Fusion Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handleclonepost function and the 'fusionblog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for...

CVE-2024-12335 Avada Builder <= 3.11.12 - Authenticated (Contributor+) Protected Post Disclosure

The Avada Fusion Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handleclonepost function and the 'fusionblog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for...