43 matches found
CVE-2026-57633
Unauthenticated Sensitive Data Exposure in WCBoost Products Compare = 1.1.0 versions...
CVE-2026-57633 WordPress WCBoost – Products Compare plugin <= 1.1.0 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in WCBoost Products Compare = 1.1.0 versions...
EUVD-2026-39749
Unauthenticated Sensitive Data Exposure in WCBoost Products Compare = 1.1.0 versions...
CVE-2026-57633
CVE-2026-57633 describes an unauthenticated sensitive data exposure affecting the WordPress plugin WCBoost – Products Compare for versions up to 1.1.0 . The connected sources confirm the affected component and the exposure but do not provide attacker vectors, specific data exposed, root cause det...
CVE-2026-27400
Unauthenticated Arbitrary File Deletion in BookPro = 1.1.0 versions...
CVE-2026-4022
The Show Posts list – Easy designs, filters and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'posttype' shortcode attribute in the 'swiftpost-list' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on...
WordPress Triompher theme <= 1.1.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Triompher versions = 1.1.0...
CVE-2026-27050
Cross-Site Request Forgery CSRF vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through = 1.1.0...
CVE-2026-27050 WordPress RealPress plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through = 1.1.0...
CVE-2026-27050 WordPress RealPress plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through = 1.1.0...
CVE-2026-27050
CVE-2026-27050 is a CSRF vulnerability affecting the WordPress RealPress plugin (RealPress) for versions up to and including 1.1.0. The issue is documented across multiple sources (NVD, Red Hat, CVE List, etc.) with a consistent description and does not provide additional exploit details in the c...
PT-2026-20759
Cross-Site Request Forgery CSRF vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through = 1.1.0...
WordPress Sosh Share Buttons plugin <= 1.1.0 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Sosh Share Buttons versions = 1.1.0...
CVE-2025-68988
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through = 1.3.0...
CVE-2025-68885 WordPress Custom Post Status plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in page-carbajal Custom Post Status custom-post-status allows Stored XSS.This issue affects Custom Post Status: from n/a through = 1.1.0...
CVE-2025-68885
CVE-2025-68885: Cross-Site Request Forgery in the Page Carbajal Custom Post Status plugin enables Stored XSS, affecting Custom Post Status up to version 1.1.0. CVSS 3.1 base 7.1 (HIGH). No exploitation details or fixes are provided in the initial or connected documents; refer to Patchstack listin...
CVE-2025-68878 WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in prasadkirpekar Advanced Custom CSS advanced-custom-css allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through = 1.1.0...
CVE-2025-13975 Contact Form 7 with ChatWork <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'api_token' and 'roomid' Settings
The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apitoken' and 'roomid' settings in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-67581 WordPress TrueBooker plugin <= 1.1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through = 1.1.0...
CVE-2025-67581
CVE-2025-67581 is reported in the WordPress plugin “Appointment Booking and Scheduler Plugin – Truebooker” as an unauthenticated Missing Authorization vulnerability (misconfigured access control levels). The Wordfence vulnerability entry in the connected document confirms this issue affecting Tru...