15 matches found
WordPress Melapress Role Editor plugin <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment vulnerability
Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Melapress Role Editor versions <= 1.1.1...
EUVD-2025-93382
Format Plugins versions 1.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...
CVE-2025-61844
Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim...
CVE-2025-61842 Format Plugins | Use After Free (CWE-416)
Format Plugins versions 1.1.1 and earlier are affected by a Use After Free vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious...
WordPress plugin ThemeHunk Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin MemberPress Discord Addon Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin WP Sessions Time Monitoring Full Automatic Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...
WordPress Ksher plugin <= 1.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Ksher versions <= 1.1.1...
WordPress CubeWP Forms plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by hunter85 Patchstack Alliance in WordPress Plugin CubeWP Forms versions <= 1.1.1...
PT-2024-32308 · WordPress · The Cowidgets – Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Cowidgets – Elementor Addons plugin for WordPress versions up to, and including, 1.1.1 Description: The issue is related to Stored Cross-Site Scripting via the heading tag parameter due to insufficient input sanitization and output...
PT-2024-23379 · Unknown · Wpbakery Page Builder +1
Name of the Vulnerable Software and Affected Versions: OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) versions 1.1.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting,...
PT-2023-22150 · Unknown · Olive One Click Demo Import
Name of the Vulnerable Software and Affected Versions: Olive One Click Demo Import versions 1.1.1 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects the Olive One Click Demo Import. There is no information provided about the estimate...
PT-2023-31093 · Tawkto · Kreativo Pro Kp Fastest Tawk.To Chat
Name of the Vulnerable Software and Affected Versions: Kreativo Pro KP Fastest Tawk.To Chat versions 1.1.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker ca...
Unicopia Code Issue Vulnerability
Unicopia is a module by the individual developer Sollace. A security vulnerability exists in Unicopia 1.1.1 and earlier versions, which stems from the fact that it can deserialize untrusted data, allowing an attacker to execute arbitrary code...
Apache Wink XML External Entity Vulnerability
Apache Wink is a framework from the Apache Software Foundation (U.S.) for building RESTful Web services; it consists of a server module and a client module. An XML external entity injection vulnerability exists in Apache Wink 1.1.1 and earlier...