323 matches found
CVE-2025-32301
CVE-2025-32301 : LambertGroup CountDown Pro WP Plugin (<= 2.7) has an SQL Injection vulnerability due to improper neutralization of input in SQL commands. The CVSS v3.1 score is 8.5 (HIGH) with NETWORK attack vector, LOW attack complexity, PRIVILEGES REQUIRED: LOW, and the impact on confidenti...
CVE-2025-32301 WordPress CountDown Pro WP Plugin <= 2.7 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup CountDown Pro WP Plugin allows SQL Injection. This issue affects CountDown Pro WP Plugin: from n/a through 2.7...
CVE-2025-46464
CVE-2025-46464 : Stored XSS in WordPress Ads Pro Plugin (scripteo Ads Pro). Triggered by improper input neutralization during web page generation. Affected: Ads Pro Plugin versions n/a–4.88. Connected sources indicate the flaw is present and unpatched in many disclosures; Patchstack lists a fix i...
WordPress Dokan Pro plugin <= 3.14.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Dokan Pro versions <= 3.14.5...
WordPress Element Pack Pro Plugin < 8.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Element Pack Pro versions < 8.0.0...
WordPress Ads Pro plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Ads Pro versions <= 5.0...
WordPress plugin Ads Pro Plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
PT-2025-21705 · Unknown · Scripteo Ads Pro Plugin
Name of the Vulnerable Software and Affected Versions: scripteo Ads Pro Plugin versions n/a through 4.88 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS in the scripteo Ads Pro Plugin...
CVE-2024-6693
The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-6690
The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites...
PT-2025-21488
Name of the Vulnerable Software and Affected Versions: wccp-pro WordPress plugin versions prior to 15.3 Description: The issue concerns an open-redirect flaw via the referrer parameter, allowing the redirection of users to external sites. Recommendations: For versions prior to 15.3, update to...
PT-2025-21489 · WordPress · Wccp-Pro
Name of the Vulnerable Software and Affected Versions: wccp-pro WordPress plugin versions prior to 15.3 Description: The issue concerns the wccp-pro WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high-privilege users, such as administrators, t...
CVE-2024-13322
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'a_id' parameter in all versions up to, and including, 4.88 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
CVE-2024-13322
CVE-2024-13322 describes an unauthenticated SQL injection in the WordPress Ads Pro Plugin (Multi-Purpose Advertising Manager) up to version 4.88. The root cause is insufficient escaping of the a_id parameter and lack of proper preparation in the existing SQL query, allowing attackers to append ad...
CVE-2024-13322 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.88 - Unauthenticated SQL Injection
The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'a_id' parameter in all versions up to, and including, 4.88 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
WordPress plugin Ads Pro Plugin SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
PT-2025-18750 · WordPress · The Ads Pro Plugin
Name of the Vulnerable Software and Affected Versions: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin versions up to, and including, 4.88 Description: The issue allows for SQL Injection via the a_id parameter due to insufficient escaping on the user-supplied parameter and...
WordPress Ads Pro plugin <= 4.88 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Ads Pro versions <= 4.88...