770 matches found

Nuclei
added yesterday, 7 views

WordPress Easy Digital Downloads <= 3.2.12 - SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Easy Digital Downloads allows SQL Injection. This issue affects Easy Digital Downloads: from n/a through 3.2.12. id: CVE-2024-5057 info: name: WordPress Easy Digital Downloads <= 3.2.12 - SQL Injecti...

CVSS 9.8 | AI score 5.9 | EPSS 0.02588
Exploits: 0 | References: 3

Nuclei
added 2 days ago, 15 views

tagDiv Composer < 4.2 - Stored Cross-Site Scripting

tagDiv Composer plugin versions before 4.2 for WordPress are vulnerable to unauthenticated stored XSS via the /wp-json/tdw/savecss endpoint. An attacker can inject malicious JavaScript code through the compiledcss parameter, which gets stored and executed when the CSS is loaded. id: CVE-2023-3169...

CVSS 6.1 | AI score 7 | EPSS 0.01595
Exploits: 2 | References: 2

Nuclei
added 2 days ago, 20 views

LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 5.7. id: CVE-2023-40000 info: name: LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS...

CVSS 8.3 | AI score 7 | EPSS 0.54872
Exploits: 5 | References: 3

Nuclei
added 2 days ago, 14 views

Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauthenticated Blind SQL Injection

It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The updatelog function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected v...

CVSS 7.5 | AI score 7.2 | EPSS 0.04691
Exploits: 1 | References: 2

Patchstack
added 5 days ago, 9 views

WordPress Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin <= 2.8.7 - Unauthenticated Server-Side Request Forgery vulnerability

Unauthenticated Server-Side Request Forgery vulnerability discovered by Lucius-log in WordPress Plugin Bit Integrations versions <= 2.8.7...

CVSS 6.5 | AI score 5.8 | EPSS 0.00312
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added last week, 7 views

EUVD-2026-37624

Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions...

CVSS 7.1 | AI score 5.1 | EPSS 0.00186
Exploits: 0 | References: 2

EUVD
added last week, 7 views

EUVD-2025-210231

Unauthenticated Local File Inclusion in Gat = 1.16 versions...

CVSS 8.1 | AI score 5.1 | EPSS 0.00348
Exploits: 0 | References: 2

NVD
added last week, 7 views

CVE-2026-39560

Unauthenticated PHP Object Injection in Hiroshi = 1.5.1 versions...

CVSS 8.1 | EPSS 0.00308
Exploits: 0 | References: 1

NVD
added last week, 5 views

CVE-2026-49107

Unauthenticated PHP Object Injection in Thrive Apprentice 10.8.10.2 versions...

CVSS 9.8 | EPSS 0.00375
Exploits: 0 | References: 1

Cvelist
added last week, 16 views

CVE-2025-69170 WordPress Eventicity theme <= 1.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions...

CVSS 8.1 | EPSS 0.00348
Exploits: 0 | References: 1

CVE
added last week, 13 views

CVE-2026-54189

JetEngine WordPress plugin

CVSS 7.1 | AI score 5.1 | EPSS 0.00146
Exploits: 0 | References: 1

Cvelist
added last week, 25 views

CVE-2026-49778 WordPress WPFunnels Pro plugin <= 2.9.4 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions...

CVSS 7.1 | EPSS 0.00186
Exploits: 0 | References: 1

CVE
added last week, 5 views

CVE-2026-39537

CVE-2026-39537 concerns WordPress Mikado Core plugin versions

CVSS 8.1 | AI score 5.2 | EPSS 0.00423
Exploits: 0 | References: 1

Cvelist
added last week, 25 views

CVE-2025-58953 WordPress Joly theme <= 1.22.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Joly <= 1.22.0 versions...

CVSS 8.1 | EPSS 0.00423
Exploits: 0 | References: 1

CVE
added last week, 8 views

CVE-2025-49403

CVE-2025-49403 affects Premium Age Verification / Restriction for WordPress (WordPress plugin) versions <= 3.0.2. Unauthenticated Arbitrary File Download is reported; Patchstack notes vulnerability in versions

CVSS 7.5 | AI score 5.2 | EPSS 0.00294
Exploits: 0 | References: 1

Cvelist
added 2026/06/16 8:57 p.m., 18 views

CVE-2026-40761 WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions...

CVSS 8.1 | EPSS 0.0025
Exploits: 0 | References: 1

CVE
added 2026/06/16 8:57 p.m., 6 views

CVE-2026-39548

The CVE describes an unauthenticated Reflected Cross Site Scripting (XSS) vulnerability in the WordPress MagOne theme, version(s) up to and including 9.0. The issue affects the MagOne theme for WordPress and is categorized as a reflected XSS; the exact vulnerable component is not separately ident...

CVSS 7.1 | AI score 5.1 | EPSS 0.00175
Exploits: 0 | References: 1

CVE
added 2026/06/16 8:56 p.m., 12 views

CVE-2025-69105

Technical details (affected versions beyond Modernee

CVSS 8.1 | AI score 5.1 | EPSS 0.00435
Exploits: 0 | References: 1

Nuclei
added 2026/06/16 7:13 a.m., 52 views

D-Link Routers - Remote Code Execution

D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565 contain an unauthenticated remote code execution vulnerability. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to command injection. An attacker who...

CVSS 10 | AI score 9.2 | EPSS 0.99996
Exploits: 5 | References: 5

EUVD
added 2026/06/15 9:30 p.m., 6 views

EUVD-2026-36927

Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.10.6 versions...

CVSS 7.1 | AI score 5.1 | EPSS 0.00237
Exploits: 0 | References: 2