
585 matches found

Vulnrichment
added 2025/09/26 8:31 a.m. | 1 views

CVE-2025-60092 WordPress Download Manager Plugin <= 3.3.25 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager download-manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through <= 3.3.25...

CVSS 5.3 | AI score 5.2 | EPSS 0.00285
Exploits: 0 | References: 1
Patchstack
added 2025/09/25 11:54 p.m. | 10 views

WordPress WP-DownloadManager plugin <= 1.68.11 - Authenticated (Admin+) Arbitrary File Upload vulnerability

Authenticated Admin+ Arbitrary File Upload vulnerability discovered by n4ur15 in WordPress Plugin WP-DownloadManager versions <= 1.68.11...

CVSS 7.2 | AI score 6.8 | EPSS 0.0062
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/09/22 6:52 p.m. | 4 views

WordPress Team Manager plugin <= 2.5.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Team Manager versions <= 2.5.1...

CVSS 5.3 | AI score 5.9 | EPSS 0.00258
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/09/22 6:50 p.m. | 4 views

WordPress JS Job Manager Plugin <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin JS Job Manager versions <= 2.0.2...

CVSS 6.5 | AI score 6 | EPSS 0.00197
Exploits: 0 | Affected Software: 1
Cvelist
added 2025/09/22 6:23 p.m. | 9 views

CVE-2025-58222 WordPress Team Manager plugin <= 2.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Maidul Team Manager wp-team-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Manager: from n/a through <= 2.5.1...

CVSS 5.3 | EPSS 0.00258
Exploits: 0 | References: 1
CVE
added 2025/09/22 6:23 p.m. | 8 views

CVE-2025-58222

CVE-2025-58222 describes a Missing Authorization vulnerability in the WordPress Team Manager plugin (Maidul Team Manager), affecting Team Manager versions up to 2.3.14 per the initial description and up to 2.3.16 per Wordfence vulnerability listings. The CVSS 3.1 vector indicates a Medium impact ...

CVSS 5.3 | AI score 5.9 | EPSS 0.00258
Exploits: 0 | References: 1
CVE
added 2025/09/22 6:23 p.m. | 10 views

CVE-2025-58234

CVE-2025-58234 is a Stored XSS vulnerability in the WordPress plugin JS Job Manager. Connected sources identify the affected component as JS Job Manager and specify vulnerability type as Stored Cross-Site Scripting, affecting versions up to and including 2.0.2. The Wordfence report lists CVSS v3....

CVSS 6.5 | AI score 5.9 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2025/09/22 6:23 p.m. | 2 views

CVE-2025-58269 WordPress WP Project Manager Plugin <= 2.6.25 - Sensitive Data Exposure Vulnerability

Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data. This issue affects WP Project Manager: from n/a through <= 2.6.25...

CVSS 5.3 | AI score 5.9 | EPSS 0.0027
Exploits: 0 | References: 1
Cvelist
added 2025/09/22 6:23 p.m. | 10 views

CVE-2025-58269 WordPress WP Project Manager Plugin <= 2.6.25 - Sensitive Data Exposure Vulnerability

Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data. This issue affects WP Project Manager: from n/a through <= 2.6.25...

CVSS 5.3 | EPSS 0.0027
Exploits: 0 | References: 1
CNNVD
added 2025/09/22 12:0 a.m. | 0 views

WordPress plugin WP Project Manager trust management issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A vulnerabilit...

CVSS 5.3 | AI score 6.6 | EPSS 0.0027
Exploits: 0 | References: 2
NVD
added 2025/09/19 5:15 a.m. | 3 views

CVE-2025-10146

The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'user_ids' parameter in all versions up to, and including, 3.3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

CVSS 6.1 | EPSS 0.00205
Exploits: 0 | References: 2
Patchstack
added 2025/09/18 9:39 p.m. | 5 views

WordPress Download Manager plugin <= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter vulnerability

Reflected Cross-Site Scripting via `user_ids` Parameter vulnerability discovered by vgo0 in WordPress Plugin Download Manager versions <= 3.3.23...

CVSS 6.1 | AI score 6.1 | EPSS 0.00205
Exploits: 0 | References: 1 | Affected Software: 1
VulnCheck KEV
added 2025/09/11 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2024-11740

The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...

CVSS 7.3 | AI score 6.2 | EPSS 0.01888
In wild | Exploits: 0 | References: 2
Cvelist
added 2025/09/10 10:32 p.m. | 8 views

CVE-2025-10232 299ko FileManagerAPIController.php delete path traversal

A weakness has been identified in 299ko up to 2.0.0. Affected by this issue is the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php. Executing manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has...

CVSS 5.5 | EPSS 0.00442
Exploits: 0 | References: 4
Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-2839

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated user...

CVSS 5.4 | AI score 6.1 | EPSS 0.00381
Exploits: 2 | References: 2
Cvelist
added 2025/08/27 5:45 p.m. | 10 views

CVE-2025-58211 WordPress Chatbox Manager Plugin <= 1.2.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Stored XSS. This issue affects Chatbox Manager: from n/a through <= 1.2.6...

CVSS 6.5 | EPSS 0.00154
Exploits: 0 | References: 1
Vulnrichment
added 2025/08/14 10:34 a.m. | 1 views

CVE-2025-49053 WordPress WP Airdrop Manager plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kadesthemes WP Airdrop Manager airdrop allows Stored XSS. This issue affects WP Airdrop Manager: from n/a through <= 1.0.5...

CVSS 5.9 | AI score 5.9 | EPSS 0.0021
Exploits: 0 | References: 1
Vulnrichment
added 2025/08/14 10:34 a.m. | 2 views

CVE-2025-52731 WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability

Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through 4.0.24...

CVSS 7.5 | AI score 7.1 | EPSS 0.00341
Exploits: 0 | References: 1
CNNVD
added 2025/08/14 12:0 a.m. | 0 views

WordPress plugin WordPress Event Manager, Event Calendar and Booking Plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

CVSS 6.5 | AI score 5.7 | EPSS 0.00196
Exploits: 0 | References: 1
Positive Technologies
added 2025/08/14 12:0 a.m. | 4 views

PT-2025-33210 · WordPress · Event Calendar/Booking Plugin +1

Name of the Vulnerable Software and Affected Versions: WordPress Event Manager, Event Calendar and Booking Plugin versions through 4.0.24 Description: The software contains an improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS...

CVSS 6.5 | AI score 5.6 | EPSS 0.00196
Exploits: 0 | References: 3