29 matches found

Positive Technologies
added 2026/04/08 12:0 a.m. | 1 views

PT-2026-31093

Name of the Vulnerable Software and Affected Versions: PZ Frontend Manager plugin for WordPress versions up to and including 1.0.6 Description: The PZ Frontend Manager plugin for WordPress is susceptible to a missing authorization issue. The pzfm user request action callback function, accessible...

5.3 CVSS | 5.8 AI score | 0.00011 EPSS
Exploits 0 | References 10

CNNVD
added 2026/03/07 12:0 a.m. | 3 views

WordPress plugin LotekMedia Popup Form cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.4 CVSS | 5.8 AI score | 0.00039 EPSS
Exploits 0 | References 4

RedhatCVE
added 2026/03/06 7:55 a.m. | 4 views

CVE-2026-27363

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Stored XSS. This issue affects WP Bakery Autoresponder Addon: from n/a through <= 1.0.6...

7.1 CVSS | 5.8 AI score | 0.00045 EPSS
Exploits 0 | References 1

Patchstack
added 2026/02/25 7:40 a.m. | 4 views

WordPress WP Bakery Autoresponder Addon plugin <= 1.0.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Bakery Autoresponder Addon versions <= 1.0.6...

6.5 CVSS | 5.9 AI score | 0.00056 EPSS
Exploits 0 | Affected Software 1

Patchstack
added 2025/12/31 3:30 p.m. | 3 views

WordPress History Timeline plugin <= 1.0.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin History Timeline versions <= 1.0.6...

4.3 CVSS | 6.7 AI score | 0.00034 EPSS
Exploits 0 | Affected Software 1

EUVD
added 2025/11/21 7:31 a.m. | 2 views

EUVD-2025-198403

The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.0.6. This is due to the plugin relying on a user-controlled Content-Type HTTP header to validate file uploads in the...

8.8 CVSS | 7 AI score | 0.00225 EPSS
Exploits 0 | References 7

Cvelist
added 2025/09/05 4:18 p.m. | 9 views

CVE-2025-53571 WordPress HAPPY plugin <= 1.0.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through <= 1.0.6...

6.5 CVSS | 0.00055 EPSS
Exploits 0 | References 1

Positive Technologies
added 2025/09/05 12:0 a.m. | 3 views

PT-2025-36253

Name of the Vulnerable Software and Affected Versions: VillaTheme HAPPY versions n/a through 1.0.6 Description: A missing authorization issue exists in VillaTheme HAPPY, allowing exploitation due to incorrectly configured access control security levels. Recommendations: Update VillaTheme HAPPY to...

6.5 CVSS | 6.4 AI score | 0.00055 EPSS
Exploits 0 | References 3

Positive Technologies
added 2025/08/28 12:0 a.m. | 2 views

PT-2025-35008

Cross-Site Request Forgery CSRF vulnerability in cuckoohello 百度分享按钮 allows Stored XSS. This issue affects 百度分享按钮: from n/a through 1.0.6...

7.1 CVSS | 6.5 AI score | 0.00025 EPSS
Exploits 0 | References 2

vulnersOsv
added 2025/08/14 6:52 p.m. | 4 views

rs265_text-based-adventure-game (>=1.0.4 <=1.0.6) potentially affected by unknown CVE via halk (=0.0.1-security)

halk NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on halk and may be impacted: rs265_text-based-adventure-game >=1.0.4, <=1.0.6. Source cves: unknown CVE. Source advisory: OSV:MAL-2025-22133...

5.8 AI score
Exploits 0

Cvelist
added 2025/06/06 12:53 p.m. | 11 views

CVE-2025-49317 WordPress WP Page Loading plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in NTC WP Page Loading wp-page-loading allows Cross Site Request Forgery. This issue affects WP Page Loading: from n/a through <= 1.0.6...

4.3 CVSS | 0.00084 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/25 1:19 p.m. | 3 views

CVE-2025-46539

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFable Fable Extra fable-extra allows Blind SQL Injection. This issue affects Fable Extra: from n/a through <= 1.0.6...

9.3 CVSS | 7.3 AI score | 0.00232 EPSS
Exploits 0 | References 1

CNNVD
added 2025/04/04 12:0 a.m. | 2 views

WordPress plugin Bookingor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

4.3 CVSS | 6 AI score | 0.002 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/02/05 3:20 a.m. | 4 views

CVE-2024-51676

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Delicious Delisho dr-widgets-blocks allows DOM-Based XSS. This issue affects Delisho: from n/a through <= 1.0.6...

6.5 CVSS | 5.9 AI score | 0.00231 EPSS
Exploits 0 | References 1

NVD
added 2024/12/18 12:15 p.m. | 6 views

CVE-2024-55983

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PowerFormBuilder PowerFormBuilder power-forms-builder allows SQL Injection. This issue affects PowerFormBuilder: from n/a through <= 1.0.6...

8.5 CVSS | 0.00258 EPSS
Exploits 0 | References 1

Positive Technologies
added 2024/12/13 12:0 a.m. | 2 views

PT-2024-36201 · Multinet Interactive Ab · Kundgenerator

Name of the Vulnerable Software and Affected Versions: MultiNet Interactive AB Kundgenerator versions 1.0.0 through 1.0.6 Description: The issue affects the Kundgenerator, allowing Reflected XSS due to improper neutralization of input during web page generation. This can lead to cross-site...

7.1 CVSS | 5.7 AI score | 0.00197 EPSS
Exploits 0 | References 3

Patchstack
added 2024/12/12 9:28 p.m. | 2 views

WordPress Booking System Trafft plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Booking System Trafft versions <= 1.0.6...

6.4 CVSS | 5.7 AI score | 0.00201 EPSS
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2024/11/19 12:0 a.m. | 2 views

PT-2024-34981 · Elementor · Dynamic Post Grid Elementor Addon

Name of the Vulnerable Software and Affected Versions: Dynamic Post Grid Elementor Addon versions 1.0.0 through 1.0.6 Description: The issue affects the Dynamic Post Grid Elementor Addon, allowing DOM-Based XSS due to improper neutralization of input during web page generation. This is a...

6.5 CVSS | 6.3 AI score | 0.00197 EPSS
Exploits 0 | References 6

Patchstack
added 2024/11/08 2:12 p.m. | 3 views

WordPress Dynamic Post Grid Elementor Addon plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Dynamic Post Grid Elementor Addon versions <= 1.0.6...

6.5 CVSS | 6.1 AI score | 0.00197 EPSS
Exploits 0 | Affected Software 1

Patchstack
added 2024/09/11 1:3 a.m. | 2 views

WordPress video carousel slider with lightbox plugin <= 1.0.6 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated (Admin+) SQL Injection vulnerability discovered by Ala Arfaoui in WordPress Plugin video carousel slider with lightbox versions <= 1.0.6...

9.1 CVSS | 8.1 AI score | 0.00968 EPSS
Exploits 0 | References 1 | Affected Software 1