VulnCheck KEV: CVE-2025-14437

The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials...

CVE-2022-0994

The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2025-14437

The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials...

WordPress Hummingbird plugin <= 3.18.0 - Unauthenticated Sensitive Information Exposure via Log File vulnerability

Unauthenticated Sensitive Information Exposure via Log File vulnerability discovered by ISMAILSHADOW in WordPress Plugin Hummingbird versions = 3.18.0...

CVE-2025-14437 Hummingbird <= 3.18.0 - Unauthenticated Sensitive Information Exposure via Log File

The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials...

EUVD-2025-204263

The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials...

CVE-2025-14437 Hummingbird <= 3.18.0 - Unauthenticated Sensitive Information Exposure via Log File

The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials...

CVE-2025-14437

The vulnerability CVE-2025-14437 affects the Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals plugin for WordPress. It enables unauthenticated access to sensitive data via the plugin’s request function, including Cloudflare API credentials, across all versions up to a...

WordPress plugin Hummingbird Performance 日志信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A log information...

EUVD-2022-15987

Malicious code in bioql PyPI...

CVE-2023-1478

The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module...

CVE-2024-43118

Missing Authorization vulnerability in WPMU DEV Hummingbird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hummingbird: from n/a through 3.9.1...

WordPress plugin Hummingbird 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-43117

Cross-Site Request Forgery CSRF vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.9.1...

WordPress Hummingbird plugin <= 3.9.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Hummingbird versions = 3.9.1...

WordPress Hummingbird plugin <= 3.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Hummingbird versions = 3.9.1...

WordPress Hummingbird Plugin <= 3.9.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Hummingbird Type Plugin Vulnerable versions = 3.9.1 Fixed in 3.9.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43117 Patch priority Low CVSS severity Low 4.3 Developer WPMU DEV PSID 6f3eebbe9837 Credits Rafie Muhammad Patchstack...

CVE-2024-32792

Missing Authorization vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.7.3...

CVE-2024-32792 WordPress Hummingbird plugin <= 3.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hummingbird hummingbird-performance.This issue affects Hummingbird: from n/a through = 3.7.3...

CVE-2024-32792 WordPress Hummingbird plugin <= 3.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hummingbird hummingbird-performance.This issue affects Hummingbird: from n/a through = 3.7.3...