3 matches found
PT-2026-49485
Name of the Vulnerable Software and Affected Versions WP Job Portal versions prior to 2.5.3 Description Cross Site Scripting XSS exists in the plugin, allowing users with the Subscriber role to execute malicious scripts in the browser of other users. Recommendations Update to a version newer than...
CVE-2026-4987 SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id'
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...
CVE-2025-9776 CatFolders – Tame Your WordPress Media Library by Category <= 2.5.2 - Authenticated (Author+) SQL Injection via CSV Import
The CatFolders – Tame Your WordPress Media Library by Category plugin for WordPress is vulnerable to time-based SQL Injection via the CSV Import contents in all versions up to, and including, 2.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...