382 matches found

Nuclei
added 12 hours ago, 9 views

WordPress User Messages <= 1.2.4 - Reflected XSS

WordPress User Messages plugin <= 1.2.4 contains a reflected cross-site scripting vulnerability caused by a lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high-privilege users. Exploitation requires the victim to load a...

CVSS 6.1 | AI score 7.6 | EPSS 0.0164
Exploits: 1 | References: 2
Positive Technologies
added 2026/05/14 12:00 a.m., 5 views

PT-2026-40869

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menu hover click parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...

CVSS 6.4 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 3
CNNVD
added 2026/04/16 12:00 a.m., 4 views

WordPress plugin WP YouTube Lyte security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 6.4 | AI score 5.7 | EPSS 0.00012
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/25 4:15 p.m., 1 view

CVE-2026-32523 WordPress WPJAM Basic plugin <= 6.9.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files. This issue affects WPJAM Basic: from n/a through <= 6.9.2...

CVSS 9.9 | AI score 5.8 | EPSS 0.00063
Exploits: 0 | References: 1
GithubExploit
added 2026/01/26 1:43 p.m., 144 views

Exploit for Cross-Site Request Forgery (CSRF) in Internet-Formation Wp-Advanced-Search

CVE-2022-47447 POC CSRF - CVE-2022-47447 --- ⚠️ Uso exclu...

CVSS 8.8 | AI score 5.9 | EPSS 0.00149
Exploits: 1
CVE
added 2026/01/22 4:52 p.m., 5 views

CVE-2025-68859

CVE-2025-68859 affects the WordPress plugin Syntax Highlighter Compress (versions up to and including 3.0.83.3). Root cause: Improper neutralization of input during web page generation, leading to a Reflected XSS vulnerability. Affected scope is stated as Syntax Highlighter Compress: from n/a th...

CVSS 7.1 | AI score 5.4 | EPSS 0.00064
Exploits: 0 | References: 1
CNNVD
added 2026/01/22 12:00 a.m., 3 views

WordPress plugin Omnichannel for WooCommerce has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 7.1 | AI score 5.6 | EPSS 0.00064
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/13 10:53 p.m., 1 view

CVE-2025-13935

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'markcoursecomplete' function. This makes it possible for authenticated...

CVSS 4.3 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 8:56 a.m., 1 view

CVE-2023-4243

The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing...

CVSS 8.8 | AI score 7 | EPSS 0.01022
Exploits: 0 | References: 1
Vulnrichment
added 2026/01/08 9:17 a.m., 3 views

CVE-2025-68867 WordPress Effect Maker plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in anibalwainstein Effect Maker effect-maker allows DOM-Based XSS. This issue affects Effect Maker: from n/a through <= 1.2.1...

AI score 6 | EPSS 0.00019
Exploits: 0 | References: 1
Cvelist
added 2026/01/07 9:21 a.m., 21 views

CVE-2025-15058 Responsive Pricing Table <= 5.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'table_currency'

The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'table_currency' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | EPSS 0.00008
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/09 2:13 p.m., 2 views

CVE-2025-67519 WordPress Ninja Tables plugin <= 5.2.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows SQL Injection. This issue affects Ninja Tables: from n/a through <= 5.2.3...

CVSS 7.6 | AI score 7.3 | EPSS 0.00032
Exploits: 0 | References: 1
Patchstack
added 2025/12/05 7:35 a.m., 4 views

WordPress dream gallery plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action vulnerability discovered by dayea song - Ahnlab in WordPress Plugin dream gallery versions <= 1.0...

CVSS 6.1 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2025/11/21 12:00 a.m., 3 views

WordPress plugin URL Image Importer code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

CVSS 8.8 | AI score 6.9 | EPSS 0.00225
Exploits: 0 | References: 7
Positive Technologies
added 2025/11/08 12:00 a.m., 2 views

PT-2025-45545

Name of the Vulnerable Software and Affected Versions: Course Booking System versions prior to 6.1.6. Description: The Course Booking System plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check in the csv-export.php file. An unauthenticat...

CVSS 5.3 | AI score 6.4 | EPSS 0.00089
Exploits: 0 | References: 5
EUVD
added 2025/11/06 8:26 a.m., 2 views

EUVD-2025-37981

The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a doshortco...

CVSS 4.3 | AI score 6.2 | EPSS 0.00156
Exploits: 0 | References: 3
Patchstack
added 2025/11/04 5:07 a.m., 2 views

WordPress Centangle Team Showcase plugin <= 1.0.0 - Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Centangle Team Showcase versions <= 1.0.0...

CVSS 6.1 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2025/10/24 12:00 a.m., 2 views

PT-2025-43583

Name of the Vulnerable Software and Affected Versions: Jeg Kit for Elementor WordPress plugin versions prior to 2.7.0. Description: The Jeg Kit for Elementor WordPress plugin does not properly sanitize SVG file contents when uploaded through the xmlrpc.php file, which can result in a cross-site...

CVSS 6.8 | AI score 6 | EPSS 0.00036
Exploits: 0 | References: 5
Patchstack
added 2025/10/22 12:00 a.m., 2 views

WordPress Cinza Grid plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Skin Content Field vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Skin Content Field vulnerability discovered by Nabil Irawan in WordPress Plugin Cinza Grid versions <= 1.2.1...

CVSS 6.4 | AI score 5.5 | EPSS 0.0004
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2025/10/15 12:00 a.m., 1 view

WordPress plugin Digiseller cross-site scripting vulnerability

WordPress Digiseller plugin is a plugin that is mainly used to help users integrate digital merchandising features in their websites. A cross-site scripting vulnerability exists in the WordPress Digiseller plugin, which stems from a lack of effective filtering and escaping of the ds shortcode, an...

CVSS 6.4 | AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 4