WordPress Payment Form for PayPal Pro plugin <= 1.1.72 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Doan Dinh Van / Fore-Z co.ltd in WordPress Plugin Payment Form for PayPal Pro versions = 1.1.72...

CVE-2025-26902

CVE-2025-26902: Cross-Site Request Forgery in Brizy Pro. Affected: Brizy Pro up to and including 2.6.1. Description specifies CSRF vulnerability; no details on root cause beyond CSRF, no exploit specifics or affected actions beyond the vulnerability type. Connected sources corroborate the CVEID a...

CVE-2025-26902 WordPress Brizy Pro plugin <= 2.6.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Brizy Brizy Pro allows Cross Site Request Forgery.This issue affects Brizy Pro: from n/a through 2.6.1...

WordPress Brizy Pro plugin <= 2.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Brizy Pro versions = 2.6.1...

CVE-2024-12563

The s2Member Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 250214 via the 'template' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the...

CVE-2025-1639

The Animation Addons for Elementor Pro plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the installelementorpluginhandler function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, wi...

CVE-2025-26776 WordPress Chaty Pro Plugin <= 3.3.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: from n/a through 3.3.3...

CVE-2024-12562

The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2memberproremoteop' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No know...

CVE-2024-12562

The CVE-2024-12562 entry concerns the WordPress s2Member Pro plugin (versions up to 241216) and describes a PHP Object Injection via deserialization of untrusted input from the s2member_pro_remote_op parameter. The issue allows unauthenticated attackers to inject a PHP Object. The vulnerability i...

WordPress Chaty Pro Plugin <= 3.3.3 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by luc Patchstack in WordPress Plugin Chaty Pro versions = 3.3.3...

CVE-2022-47605

Auth. SQL Injection' vulnerability in Kunal Nagar Custom 404 Pro plugin = 3.7.0 versions...

CVE-2024-3828

The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator This makes it possible for authenticated...

CVE-2024-3962

The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppomuploadfile function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files...

CVE-2024-3922

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2024-2024

The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handlefoldersfileupload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload...

WordPress Admin and Site Enhancements (ASE) Pro Plugin <= 7.6.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Admin and Site Enhancements ASE Pro versions = 7.6.1.1...

CVE-2025-22763 WordPress Brizy Pro Plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Brizy Pro allows Reflected XSS. This issue affects Brizy Pro: from n/a through 2.6.1...

CVE-2025-22763

CVE-2025-22763 affects Brizy Pro (WordPress) up to version 2.6.1 and is a Reflected XSS caused by improper input handling during web page generation. The Red Hat and Wordfence entries corroborate the same ID and vulnerability class, noting the affected product and version range. The Wordfence vul...

WordPress plugin Brizy Pro 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

CVE-2024-8722

The Import any XML or CSV File to WordPress PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...