WordPress plugin Publish 2 Ping.fm 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress DSGVO Google Web Fonts GDPR plugin <= 1.1 - Unauthenticated Arbitrary File Upload via 'fonturl' Parameter vulnerability

Unauthenticated Arbitrary File Upload via 'fonturl' Parameter vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin DSGVO Google Web Fonts GDPR versions = 1.1...

WordPress plugin Super Custom Login 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin WPFAQBlock– FAQ & Accordion Plugin For Gutenberg 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Winter vulnerable to privilege escalation by authenticated backend users

Impact Affected versions of Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their account through specially crafted requests to the backend while logged in. To actively exploit this security...

CVE-2025-69304 WordPress Allmart plugin <= 1.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Allmart allmart-core allows Blind SQL Injection.This issue affects Allmart: from n/a through = 1.1...

CVE-2026-1187

The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress AhaChat Messenger Marketing plugin <= 1.1 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Yevgen Goncharuk in WordPress Plugin AhaChat Messenger Marketing versions = 1.1...

WordPress plugin WP SEO Search has a vulnerability related to cross-site request forgeing.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress Overstock Affiliate Links plugin <= 1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Overstock Affiliate Links versions = 1.1...

WordPress plugin Rally 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

ae.teletronics.nlp:categorisation (>=1.3 <=1.6), ae.teletronics.nlp:entityextraction (>=1.3 <=1.4) +4950 more potentially affected by CVE-2025-12183 via net.jpountz.lz4:lz4 (>=1.1.0 <=1.3.0)

net.jpountz.lz4:lz4 MAVEN version =1.1.0, =1.3, =1.3, =0.42.1, =1.3.0, =0.13.0, =1.1.0, =0.13.0, =0.13.0, =0.13.0, =0.7.0, =0.10.0, =0.13.0, =v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744 and more Source cves: CVE-2025-12183 Source advisory: OSV:GHSA-VQF4-7M7X-WGFC...

CVE-2025-11765

The Stock Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageheight' and 'imagewidth' shortcode attributes in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-11501

CVE-2025-11501: The WordPress plugin Dynamically Display Posts is vulnerable to SQL Injection via tax_query in all versions up to 1.1 due to insufficient escaping and lack of prepared statements. This allows unauthenticated attackers to append additional SQL to existing queries, enabling potentia...

EUVD-2025-31697

Malicious code in bioql PyPI...

WordPress Bg Church Memos Plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Gilang Asra Bilhadi in WordPress Plugin Bg Church Memos versions = 1.1...

Exploit for CVE-2025-34152

⚠️ CVE-2025-34152 – Shenzhen Aitemi M300 Wi-Fi Repeater RCE...

PT-2025-36197

Name of the Vulnerable Software and Affected Versions: WPBean WPB Image Widget versions through 1.1 Description: The WPBean WPB Image Widget software contains a flaw due to improper neutralization of input during web page generation, which results in a Stored Cross-site Scripting XSS issue...

WordPress plugin Kanpress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-34707 · Unknown · Scratch Channel

Name of the Vulnerable Software and Affected Versions: The Scratch Channel versions 1 and 1.1 Description: The Scratch Channel, a news website, is susceptible to unauthorized article posting. A POST request to the article publishing endpoint allows posting articles in any category with any date,...