Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

PT-2026-34316

The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login link shortcode in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the 'prefix' attribute. This makes it possible for...

WordPress plugin WP AUDIO GALLERY 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2026-24530 WordPress WebP Conversion plugin <= 2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.2...

PT-2026-2350

The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...

CVE-2025-11877 User Activity Log <= 2.2 - Unauthenticated Limited Options Update via Failed Login

The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ualshookwploginfailed' lacks a capability check and writes failed usernames directly into updateoption calls. This makes it possible for unauthenticated attacker...

CVE-2025-67631 WordPress Gift Hunt plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ecommerce Platforms Gift Hunt gift-hunt allows Stored XSS.This issue affects Gift Hunt: from n/a through = 2.0.2...

CVE-2025-63033 WordPress Make Section & Column Clickable For Elementor plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Riyadh Ahmed Make Section & Column Clickable For Elementor make-section-column-clickable-elementor allows Stored XSS.This issue affects Make Section & Column Clickable For Elementor: from n/a throu...

PT-2025-46266

Name of the Vulnerable Software and Affected Versions Crypto plugin for WordPress versions prior to 2.23 Description The software is susceptible to information exposure due to an unauthenticated AJAX action, wp ajax nopriv crypto connect ajax process, which allows calling the register and savenft...

CVE-2025-57935 WordPress Bot Block – Stop Spam Referrals in Google Analytics Plugin <= 2.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ricky Dawn Bot Block Stop Spam Referrals in Google Analytics allows Stored XSS. This issue affects Bot Block Stop Spam Referrals in Google Analytics: from n/a through 2.6...

CVE-2025-58229 WordPress Sitekit Plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly Sitekit sitekit allows Stored XSS.This issue affects Sitekit: from n/a through = 2.0...

CVE-2025-58232 WordPress Image Editor by Pixo Plugin <= 2.3.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ickata Image Editor by Pixo image-editor-by-pixo allows DOM-Based XSS.This issue affects Image Editor by Pixo: from n/a through = 2.3.8...

WordPress plugin Analytics Reduce Bounce Rate 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVE-2024-9377

The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. This makes it possible for unauthenticat...

WordPress SW Plus Plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin SW Plus versions = 2.1...

CVE-2024-12709

The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2025-23872 WordPress PayForm plugin <= 2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in payform PayForm payform allows Stored XSS.This issue affects PayForm: from n/a through = 2.0...

WordPress plugin ABCBiz Addons and Templates for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Image Alt Text plugin <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Image Alt Text Update vulnerability

Missing Authorization to Authenticated Subscriber+ Image Alt Text Update vulnerability discovered by WordFence in WordPress Plugin Image Alt Text versions = 2.0.0...

CVE-2023-28535

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Paytm Paytm Payment Donation plugin = 2.2.0 versions...