13 matches found
PT-2026-49523
Subscriber SQL Injection in WCMultiShipping = 3.0.2 versions...
CVE-2026-7249
The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splwupdateblockoptions and lwpcleanweathertransients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with...
WordPress Task Manager plugin <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Read vulnerability
Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by theviper17y in WordPress Plugin Task Manager versions = 3.0.2...
WordPress Aruba HiSpeed Cache plugin <= 3.0.2 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by mikemyers in WordPress Plugin Aruba HiSpeed Cache versions = 3.0.2...
WordPress Image Hover Effects for Elementor with Lightbox and Flipbox plugin <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id, oxi_addons_f_title_tag, and content_description_tag Parameters vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via id, oxiaddonsftitletag, and contentdescriptiontag Parameters vulnerability discovered by stealthcopter in WordPress Plugin Image Hover Effects - Caption Hover with Carousel versions = 3.0.2...
CVE-2026-24571
Missing Authorization vulnerability in boxnow BOX NOW Delivery box-now-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BOX NOW Delivery: from n/a through = 3.0.2...
CVE-2023-25056
Cross-Site Request Forgery CSRF vulnerability in SlickRemix Feed Them Social plugin = 3.0.2 versions...
WordPress Age Restriction plugin <= 3.0.2 - Subscriber+ Privilege Escalation vulnerability
Subscriber+ Privilege Escalation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Premium Age Verification / Restriction for WordPress versions = 3.0.2...
CVE-2025-62090
Missing Authorization vulnerability in Jegstudio Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons gutenverse-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons:...
CVE-2025-54721 WordPress Resca theme <= 3.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress Resca resca allows Reflected XSS.This issue affects Resca: from n/a through = 3.0.2...
CVE-2025-30893 WordPress LeadConnector plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LeadConnector LeadConnector leadconnector allows DOM-Based XSS.This issue affects LeadConnector: from n/a through = 3.0.2...
WordPress Cliengo - Chatbot plugin <= 3.0.2 - Missing Authorization to Authorized (Subscriber+) Chatbot Settings Update vulnerability
WordPress Cliengo - Chatbot plugin = 3.0.2 - Missing Authorization to Authorized Subscriber+ Chatbot Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin Cliengo – Chatbot versions = 3.0.2...
WordPress plugin Image Hover Effects with Carousel security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...