CVE-2026-52701
CVE-2026-52701 is an unauthenticated broken access control vulnerability affecting WordPress User Registration plugin versions
CVE-2026-9673
CVE-2026-9673 affects json-2-csv versions 3.15.0 and earlier up to 5.5.11, vulnerable to CSV Injection via the preventCsvInjection option, which can be bypassed. An attacker can inject formulas into CSV files that execute when opened in spreadsheet apps. The SNYK entry describes a PoC and recomme...
CVE-2026-39682 WordPress linkPizza-Manager plugin <= 5.5.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects linkPizza-Manager: from n/a through <= 5.5.5...
CVE-2026-25368 WordPress Calculated Fields Form plugin <= 5.4.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Calculated Fields Form: from n/a through <= 5.4.4.1...
CVE-2026-1537
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...
CVE-2025-63069
Missing Authorization vulnerability in Vinod Dalvi Ivory Search add-search-to-menu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ivory Search: from n/a through <= 5.5.12...
CVE-2025-12876 Projectopia – WordPress Project Management <= 5.1.19 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion
The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ptodeletefile AJAX action in all versions up to, and including, 5.1.19. This makes it possible for unauthenticated attackers to delete...
CVE-2025-57931 WordPress Popup box plugin <= 5.5.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box allows Cross Site Request Forgery. This issue affects Popup box: from n/a through 5.5.4...
CVE-2025-62042
CVE-2025-62042 is a Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Event post” (event-post) affecting versions up to and including 5.10.3. The issue stems from improper input neutralization during web page generation, enabling an attacker to inject malicious scripts. Exploitati...
EUVD-2025-27956
Malicious code in bioql PyPI...
CVE-2025-7721 JoomSport <= 5.7.3 - Unauthenticated Directory Traversal to Local File Inclusion
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.7.3 via the task parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the...
CVE-2025-58625
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus wp-imageflow2 allows Stored XSS. This issue affects WP Flow Plus: from n/a through <= 5.2.5...
CVE-2025-30997
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services car-repair-services allows Server Side Request Forgery. This issue affects Car Repair Services: from n/a through <= 5.0...
CVE-2024-30530
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Stored XSS. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1...
CVE-2024-0829
The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, with subscribe...
CVE-2023-46639
Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects kk Star Ratings: from n/a through 5.4.5...
CVE-2025-25686
semcms =5.0 is vulnerable to SQL Injection in SEMCMSFuction.php...
CVE-2025-23627
Cross-Site Request Forgery (CSRF) vulnerability in frenchsquared Comment-Emailer comment-emailer allows Stored XSS. This issue affects Comment-Emailer: from n/a through <= 1.0.5...
VulnCheck KEV: CVE-2023-40000
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 5.7...
CVE-2022-41136
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress...