9 matches found
PT-2025-2170 · WordPress · Webcamconsult
Name of the Vulnerable Software and Affected Versions: Webcamconsult plugin for WordPress versions up to, and including, 1.5.0 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on a function. This allows unauthenticated attackers to updat...
PT-2024-36565 · WordPress · Popup Maker
Name of the Vulnerable Software and Affected Versions: The Popup Maker WordPress plugin versions prior to 1.19.1 Description: The issue concerns a Stored Cross-Site Scripting flaw in the Popup Maker WordPress plugin. This flaw arises because the plugin does not properly sanitize and escape some o...
PT-2024-20389 · WordPress · Vikbooking Hotel Booking Engine & Pms
Name of the Vulnerable Software and Affected Versions: VikBooking Hotel Booking Engine & PMS WordPress plugin versions prior to 1.6.8 Description: The issue allows an authenticated user with subscriber privileges or above to bypass authorization and access settings they shouldn't be allowed to...
PT-2024-18439 · WordPress · Yuki Theme
Name of the Vulnerable Software and Affected Versions: Yuki theme for WordPress versions up to, and including, 1.3.14 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the reset customizer options function. This allows unauthenticated...
PT-2023-31958 · WordPress · E2Pdf
Name of the Vulnerable Software and Affected Versions: E2Pdf WordPress plugin versions prior to 1.20.20 Description: The issue allows high privilege users to perform Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, due to the plugin not sanitizing and escaping...
PT-2023-10173 · WordPress · Broken Link Checker Plugin
Name of the Vulnerable Software and Affected Versions: Broken Link Checker Plugin versions up to 1.10.1 Description: A vulnerability was found in the Broken Link Checker Plugin. It affects the function options page of the file core/core.php of the component Settings Page. The manipulation of the...
PT-2022-24704 · WordPress · Easy Form Builder
Name of the Vulnerable Software and Affected Versions: Easy Form Builder WordPress plugin versions prior to 3.4.0 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised a...
PT-2022-14183 · WordPress · Copyrightpro
Name of the Vulnerable Software and Affected Versions: Copyright Proof WordPress plugin versions 4.16 and earlier Description: The issue concerns a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being output via an AJAX action...
PT-2022-21929 · WordPress · Bxslider Wp
Name of the Vulnerable Software and Affected Versions: BxSlider WP plugin versions = 2.0.0 Description: The issue is an Authenticated Cross-Site Scripting (XSS) vulnerability. It affects users with contributor or higher roles. There is no information provided about the estimated number of potential...