EUVD-2026-22828
The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions witho...
WordPress Context Blog theme <= 1.2.5 - Unauthenticated Private Post Disclosure vulnerability
Unauthenticated Private Post Disclosure vulnerability discovered by jsonc in WordPress Theme Context Blog versions <= 1.2.5...
WordPress Shortcodes for Elementor plugin <= 1.0.4 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated (Contributor+) Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Shortcodes for Elementor versions <= 1.0.4...
EUVD-2006-1693
Malware in sbrugna...
WordPress Post Lockdown plugin <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Post Disclosure vulnerability
Missing Authorization to Authenticated (Subscriber+) Post Disclosure vulnerability discovered by Krzysztof Zając in WordPress Plugin Post Lockdown versions <= 4.0.2...
CVE-2025-1322 WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Authenticated (Contributor+) Protected Post Disclosure
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated...
WordPress WP-Recall plugin <= 16.26.10 - Authenticated (Contributor+) Protected Post Disclosure vulnerability
Authenticated (Contributor+) Protected Post Disclosure vulnerability discovered by Krzysztof Zając in WordPress Plugin WP-Recall versions <= 16.26.10...
CVE-2024-13832 Ultra Addons Lite for Elementor <= 1.1.8 - Authenticated (Contributor+) Restricted Post Disclosure
The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'utelementor' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...
WordPress Ultra Addons Lite for Elementor plugin <= 1.1.8 - Authenticated (Contributor+) Restricted Post Disclosure vulnerability
Authenticated (Contributor+) Restricted Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultra Addons Lite for Elementor versions <= 1.1.8...
CVE-2024-13514 B Slider- Gutenberg Slider Block for WP <= 1.1.23 - Authenticated (Contributor+) Private Post Disclosure via bsb-slider Shortcode
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.5 via the 'bsb-slider' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, wi...
WordPress Typer Core plugin <= 1.9.6 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated (Contributor+) Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Typer Core versions <= 1.9.6...
WordPress Piotnet Addons For Elementor plugin <= 2.4.32 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated (Contributor+) Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Piotnet Addons For Elementor versions <= 2.4.32...
WordPress RRAddons for Elementor plugin <= 1.1.0 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated (Contributor+) Post Disclosure vulnerability discovered by Ankit Patel in WordPress Plugin RRAddons for Elementor versions <= 1.1.0...
WordPress Unlimited Theme Addon For Elementor and WooCommerce plugin <= 1.2.1 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated (Contributor+) Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Unlimited Theme Addon For Elementor and WooCommerce versions <= 1.2.1...
CVE-2024-12335 Avada Builder <= 3.11.12 - Authenticated (Contributor+) Protected Post Disclosure
The Avada Fusion Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handleclonepost function and the 'fusionblog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for...
WordPress Avada Builder plugin <= 3.11.12 - Authenticated (Contributor+) Protected Post Disclosure vulnerability
Authenticated (Contributor+) Protected Post Disclosure vulnerability discovered by Webbernaut in WordPress Plugin Fusion Builder versions <= 3.11.12...
WordPress Full Screen Menu for Elementor plugin <= 1.0.7 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated (Contributor+) Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Full Screen Menu for Elementor versions <= 1.0.7...
WordPress Events Addon for Elementor plugin <= 2.2.3 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated (Contributor+) Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Events Addon for Elementor versions <= 2.2.3...
WordPress Greenshift plugin <= 9.9.9.3 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated (Contributor+) Post Disclosure vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin Greenshift versions <= 9.9.9.3...
WordPress PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin <= 2.8.1 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated (Contributor+) Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin PowerPack Addons for Elementor versions <= 2.8.1...