323 matches found

RedhatCVE
added 2025/05/23 5:11 a.m. · 9 views

CVE-2023-32740

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.8.1 versions...

CVSS 6.1 · AI score 5.9 · EPSS 0.00337
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 4:49 a.m. · 4 views

CVE-2023-37990

Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro plugin <= 2.1.4 versions...

CVSS 8.8 · AI score 7.1 · EPSS 0.0021
Exploits 0

RedhatCVE
added 2025/05/23 2:06 a.m. · 5 views

CVE-2023-6243

The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admintestemail function. This makes it possible for unauthenticated...

CVSS 4.3 · AI score 6.5 · EPSS 0.00212
Exploits 0 · References 1

Positive Technologies
added 2025/05/23 12:00 a.m. · 3 views

PT-2025-22721 · Unknown · Scripteo Ads Pro Plugin

Name of the Vulnerable Software and Affected Versions: scripteo Ads Pro Plugin versions n/a through 4.88 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This allows PHP Loca...

CVSS 8.1 · AI score 7.8 · EPSS 0.00535
Exploits 0 · References 3

CNNVD
added 2025/05/23 12:00 a.m. · 2 views

WordPress plugin Ads Pro Plugin security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 8.1 · AI score 7.6 · EPSS 0.00535
Exploits 0 · References 2

RedhatCVE
added 2025/05/22 11:41 p.m. · 3 views

CVE-2022-4166

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4activate.php. This may allow malicious users with at least author privilege to leak sensitive informati...

CVSS 6.5 · AI score 6.5 · EPSS 0.00854
Exploits 2 · References 1

RedhatCVE
added 2025/05/22 11:39 p.m. · 3 views

CVE-2022-4156

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the userid POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive...

CVSS 7.5 · AI score 7.4 · EPSS 0.0092
Exploits 2 · References 1

RedhatCVE
added 2025/05/22 10:08 p.m. · 4 views

CVE-2022-2391

The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description...

CVSS 5.4 · AI score 6.6 · EPSS 0.00495
Exploits 2 · References 1

RedhatCVE
added 2025/05/22 9:00 p.m. · 4 views

CVE-2021-24948

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tpgetdlpostinfoajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts...

CVSS 7.5 · AI score 6.8 · EPSS 0.01815
Exploits 2 · References 1

RedhatCVE
added 2025/05/22 1:29 p.m. · 5 views

CVE-2018-25055

A vulnerability was found in FarCry Solr Pro Plugin up to 1.5.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file packages/forms/solrProSearch.cfc of the component Search Handler. The manipulation of the argument suggestion leads to cross...

CVSS 6.1 · AI score 6.2 · EPSS 0.0063
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 2:26 a.m. · 7 views

CVE-2015-9418

The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes...

CVSS 5.8 · AI score 7 · EPSS 0.00556
Exploits 1 · References 1

Patchstack
added 2025/05/21 12:14 p.m. · 5 views

WordPress Ads Pro plugin <= 4.89 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Nguyễn Trung Kiên anhchangmutrang in WordPress Plugin Ads Pro versions <= 4.89...

CVSS 8.1 · AI score 5.9 · EPSS 0.00535
Exploits 0 · Affected Software 1

RedhatCVE
added 2025/05/19 12:59 p.m. · 11 views

CVE-2025-3527

The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 6.4 · AI score 6.7 · EPSS 0.00179
Exploits 0 · References 1

RedhatCVE
added 2025/05/19 6:09 a.m. · 6 views

CVE-2025-3812

The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the qcldopenaideletetrainingfile function in all versions up to, and including, 13.6.2. This makes it possible for authenticated attackers, with Subscriber-lev...

CVSS 8.1 · AI score 7.8 · EPSS 0.00505
Exploits 0 · References 1

RedhatCVE
added 2025/05/18 4:03 p.m. · 15 views

CVE-2025-46464

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Stored XSS. This issue affects Ads Pro: from n/a through <= 5.0...

CVSS 6.5 · AI score 7.2 · EPSS 0.00209
Exploits 0 · References 1

RedhatCVE
added 2025/05/17 9:02 p.m. · 5 views

CVE-2024-6690

The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites...

CVSS 6.1 · AI score 6.8 · EPSS 0.00473
Exploits 1 · References 1

RedhatCVE
added 2025/05/17 9:02 p.m. · 4 views

CVE-2024-6693

The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 · AI score 5.7 · EPSS 0.00255
Exploits 1 · References 1

NVD
added 2025/05/17 12:15 p.m. · 19 views

CVE-2025-3527

The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 6.4 · EPSS 0.00179
Exploits 0 · References 2

Positive Technologies
added 2025/05/17 12:00 a.m. · 3 views

PT-2025-21775 · WordPress · Wpbot Pro

Name of the Vulnerable Software and Affected Versions: WPBot Pro Wordpress Chatbot plugin versions up to, and including, 13.6.2 Description: The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the qcld openai...

CVSS 8.1 · AI score 8.9 · EPSS 0.00505
Exploits 0 · References 9

NVD
added 2025/05/16 4:15 p.m. · 15 views

CVE-2025-46464

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Stored XSS. This issue affects Ads Pro: from n/a through <= 5.0...

CVSS 6.5 · EPSS 0.00209
Exploits 0 · References 1