36 matches found
EUVD-2025-210256
Unauthenticated Local File Inclusion in Snow Club = 1.1 versions...
CVE-2025-69173
Unauthenticated Local File Inclusion in Tipsy = 1.1 versions...
WordPress Amazon Scraper plugin <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Amazon Scraper versions = 1.1...
EUVD-2026-20246
Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpXmas-Snow: from n/a through = 1.1...
EUVD-2026-9583
Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecommerce: from n/a through = 1.1...
CVE-2025-14142
The Electric Enquiries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button' parameter of the electric-enquiry shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-69304
CVE-2025-69304 affects WordPress Allmart plugin (allmart-core) up to version 1.1, with an unauthenticated Blind SQL Injection due to improper neutralization of SQL elements. CVSS 3.1 base score 9.3 (CRITICAL). Connected sources confirm the vulnerability description and affected versions, but do n...
WordPress ZoomifyWP Free plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'filename' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'filename' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin ZoomifyWP Free versions = 1.1...
CVE-2025-14502 News and Blog Designer Bundle <= 1.1 - Unauthenticated Local File Inclusion
The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1 via the template parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution...
WordPress Webcake plugin <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability
Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Webcake versions = 1.1...
WordPress Dynamically Display Posts plugin <= 1.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by dayea song in WordPress Plugin Dynamically Display Posts versions = 1.1...
CVE-2025-57985 WordPress Ultimate Watermark Plugin <= 1.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in MantraBrain Ultimate Watermark ultimate-watermark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Watermark: from n/a through = 1.1...
CVE-2025-9860
The WordPress Mixtape plugin is vulnerable to Stored Cross-Site Scripting (XSS) via the mixtape shortcode in all versions up to 1.1. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enabling authenticated attackers with contributor-level access or...
WordPress Assembly theme <= 1.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Assembly versions = 1.1...
CVE-2025-49433 WordPress Supermalink <= 1.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThanhD Supermalink supermalink allows DOM-Based XSS.This issue affects Supermalink: from n/a through = 1.1...
CVE-2025-23555 WordPress Ui Slider Filter By Price plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Ui Slider Filter By Price allows Reflected XSS. This issue affects Ui Slider Filter By Price: from n/a through 1.1...
WordPress EMI Calculator plugin <= 1.1 - Settings Change vulnerability
Settings Change vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin EMI Calculator versions = 1.1...
CVE-2025-23659
Cross-Site Request Forgery CSRF vulnerability in hernanjh MercadoLibre Integration mercadolibre-integration allows Stored XSS.This issue affects MercadoLibre Integration: from n/a through = 1.1...
WordPress WP Options Editor plugin <= 1.1 - CSRF to Privilege Escalation vulnerability
CSRF to Privilege Escalation vulnerability discovered by Mika in WordPress Plugin WP Options Editor versions = 1.1...
WordPress plugin Tock Widget 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...