CVE-2026-25015

Cross-Site Request Forgery CSRF vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through = 1.2.53...

EUVD-2026-5257

Cross-Site Request Forgery CSRF vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through = 1.2.53...

CVE-2026-25015

Cross-Site Request Forgery CSRF vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through = 1.2.53...

CVE-2026-25015 WordPress UsersWP plugin <= 1.2.53 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through = 1.2.53...

WordPress UsersWP plugin <= 1.2.53 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Tristan Jay Neale in WordPress Plugin UsersWP versions = 1.2.53...

PT-2025-44591

Name of the Vulnerable Software and Affected Versions OOPSpam Anti-Spam plugin for WordPress versions through 1.2.53 Description The OOPSpam Anti-Spam plugin for WordPress is susceptible to IP Header Spoofing. The plugin improperly trusts client-controlled forwarded headers, such as...

PT-2022-26193 · WordPress · Sliderby10Web Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Sliderby10Web WordPress plugin versions prior to 1.2.53 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for exampl...

Sliderby10Web < 1.2.53 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to "Slider » Sliders" and edit one of...