WordPress Celeste theme <= 1.3.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Celeste versions = 1.3.6...

CVE-2026-1804 WDES Responsive Popup <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'attr' Shortcode Attribute

The WDES Responsive Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdes-popup-title' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-1268

The Dynamic Widget Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget content field in the Gutenberg editor sidebar in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes ...

WordPress WP Finance plugin <= 1.3.6 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Finance versions = 1.3.6...

WordPress plugin StreamWeasels YouTube Integration 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

WordPress Boostify Header Footer Builder for Elementor plugin <= 1.3.6 - Authenticated (Contributor+) Post Disclosure vulnerability

Authenticated Contributor+ Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Boostify Header Footer Builder for Elementor versions = 1.3.6...

PT-2024-24285 · Unknown · Anton Aleksandrov Wordpress Hosting Benchmark Tool

Name of the Vulnerable Software and Affected Versions: Anton Aleksandrov WordPress Hosting Benchmark tool versions 1.3.6 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability in the Anton Aleksandrov WordPress Hosting Benchmark tool. This type of vulnerability allo...

CVE-2023-35047

Cross-Site Request Forgery CSRF vulnerability in AREOI All Bootstrap Blocks plugin = 1.3.6 versions...

WordPress NewStatPress plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress NewStatPress plugin prior to 1.3.6. The vulnerabili...