CVE-2026-1905

The Sphere Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in the 'showsphereimage' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

PT-2026-8080

The Sphere Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in the 'show sphere image' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-69906

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...

Monstra CMS 安全漏洞

Monstra CMS is a lightweight content management system CMS developed by Sergey Romanenko from Ukraine using PHP. Version 3.0.4 of Monstra CMS has a security vulnerability. This vulnerability stems from the Files Manager plugin, which allows arbitrary file uploads. The application relies on...

CVE-2025-69906

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...

WordPress Revision Manager TMC plugin <= 2.8.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Revision Manager TMC versions = 2.8.22...

WordPress plugin WP Google Ad Manager Plugin cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-24603 WordPress Universal Google Adsense and Ads manager plugin <= 1.1.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Google Adsense and Ads manager: from n/a through = 1.1.8...

WordPress amr cron manager plugin <= 2.3 - Reflecte dCross Site Scripting (XSS) vulnerability

Reflecte dCross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin amr cron manager versions = 2.3...

CVE-2026-24365 WordPress Stock Manager for WooCommerce plugin < 3.6.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in storeapps Stock Manager for WooCommerce woocommerce-stock-manager allows Cross Site Request Forgery.This issue affects Stock Manager for WooCommerce: from n/a through 3.6.0...

ComfyUI-Manager CRLF Injection Vulnerability

ComfyUI is a popular node-based Stable Diffusion GUI widely used for building and executing AI image generation workflows.ComfyUI-Manager is an extension manager plugin for ComfyUI to simplify the management of installations of custom nodes, models and dependencies. ComfyUI-Manager suffers from a...

CVE-2013-7480

The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas...

CVE-2013-7479

The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field...

CVE-2019-16523

The events-manager plugin through 5.9.5 for WordPress aka Events Manager is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute mapstyle of shortcodes locationsmap and eventsmap provided by the plugin...

CVE-2024-2654

The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fmdownloadbackup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the...

CVE-2024-2110

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers...

WordPress plugin Frontend File Manager Plugin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...

CVE-2023-52212 WordPress WP Job Manager plugin <= 2.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Automattic WP Job Manager allows Cross Site Request Forgery.This issue affects WP Job Manager: from n/a through 2.0.0...

CVE-2025-63000 WordPress Sermon Manager plugin <= 2.30.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpforchurch Sermon Manager sermon-manager-for-wordpress allows Stored XSS.This issue affects Sermon Manager: from n/a through = 2.30.0...

CVE-2025-68992 WordPress BWL Knowledge Base Manager plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xenioushk BWL Knowledge Base Manager bwl-kb-manager allows Stored XSS.This issue affects BWL Knowledge Base Manager: from n/a through = 1.6.3...