CVE-2026-3535

The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the DSGVOGWPdownloadGoogleFonts function in all versions up to, and including, 1.1. The function is exposed via a wpajaxnopriv hook, requiring no authentication. It...

CVE-2026-32496

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue affects Spam Protect for Contact Form 7: from n/a through = 1.2.9...

CVE-2025-58670

Cross-Site Request Forgery CSRF vulnerability in Shankaranand Maurya WP Content Protection wp-content-protection allows Stored XSS.This issue affects WP Content Protection: from n/a through = 1.3...

CVE-2025-58670 WordPress WP Content Protection Plugin <= 1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Shankaranand Maurya WP Content Protection wp-content-protection allows Stored XSS.This issue affects WP Content Protection: from n/a through = 1.3...

CVE-2025-58670 WordPress WP Content Protection Plugin <= 1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Shankaranand Maurya WP Content Protection wp-content-protection allows Stored XSS.This issue affects WP Content Protection: from n/a through = 1.3...

WordPress Maspik - Ultimate Spam Protection plugin Cross-Site Request Forgery Vulnerability

WordPress Heateor Maspik - Ultimate Spam Protection plugin is an anti-spam plugin designed specifically for WordPress that protects contact forms, comment areas and signup forms from spam through a variety of technical means. The WordPress Maspik - Ultimate Spam Protection plugin suffers from a...

CVE-2024-0437

The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or...

WordPress plugin ClickCease Click Fraud Protection 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

WordPress plugin GDPR Compliance 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in ArtistScope CopySafe Web Protection plugin = 3.13 versions...

PSA: Sudden Increase In Attacks On Modern WPBakery Page Builder Addons Vulnerability

The Wordfence Threat Intelligence team has been monitoring a sudden increase in attack attempts targeting Kaswara Modern WPBakery Page Builder Addons. This ongoing campaign is attempting to take advantage of an arbitrary file upload vulnerability, tracked as CVE-2021-24284, which has been...

WordPress 跨站脚本漏洞

WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in WordPress plugin GDPR versions prior to 1.9.26. An attacker utilizing Javascript code may be able to execute on the victim's browser. If the victim is an administrator with a valid...

CVE-2021-24863

CVE-2021-24863 affects the WordPress plugin StopBadBots (StopBadBots WordPress plugin) prior to version 6.67. The vulnerability is a SQL injection caused by failure to sanitize and escape the User Agent before using it in a SQL statement to save it. Impact is unauthenticated access leading to dat...

WordPress SQL注入漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. The WordPress Secure Copy Content Protection and Content Locking plugin has a SQL injection vulnerabili...

WordPress Secure Copy Content Protection Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.Secure Copy Content Protection plugin is an application plugin for WordPress. A SQL injection vulnerability exists in...

Web Security Dog apacheV4.0 Has Denial of Service Vulnerability

Website Security Dog Apache Edition is a server tool that integrates website content security protection, website resource protection and website traffic protection features. Web Security Dog apacheV4.0 has a denial of service vulnerability due to a problem with the length judgment function in th...

CVE-2008-0204

Multiple cross-site scripting XSS vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 mcspoptmsgnoanswer or 2 mcspoptmsgwronganswer parameter to...