RestroPress-WordPress-Plugin-Sensitive-API-Key-amp-Token-Exposure-Vulnerability-Exploitation
📌 Overview CVE-2025-9209 is a critical information disclo...
CVE-2026-3477 PZ Frontend Manager <= 1.0.6 - Missing Authorization to Arbitrary User Deletion via 'dataType' Parameter
The PZ Frontend Manager plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.6. The pzfmuserrequestactioncallback function, registered via the wpajaxpzfmuserrequestaction action hook, lacks both capability checks and nonce verification. This function...
CVE-2026-22210
wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attachment records or filter hooks to inject arbitrary...
PT-2026-7497
The Invoct – PDF Invoices & Billing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access...
EUVD-2011-4587
Malware in sbrugna...
EUVD-2024-30621
Malicious code in bioql PyPI...
EUVD-2024-28412
Malicious code in bioql PyPI...
Exploit for SQL Injection in Internet-Formation Wp-Advanced-Search
CVE-2024-9796 WP-Advanced-Search 3.3.9.2 - Unauthenticated S...
CVE-2024-32835
Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users. This issue affects Import Export WordPress Users: from n/a through 2.5.3...
CVE-2023-6390
The WordPress Users WordPress plugin through 1.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2017-8099
There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request...
CVE-2025-39443 WordPress Verge3D plugin <= 4.9.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through 4.9.0...
WordPress Export and Import Users and Customers plugin <= 2.6.2 - Authenticated (Admin+) PHP Object Injection via form_data Parameter vulnerability
Authenticated Admin+ PHP Object Injection via formdata Parameter vulnerability discovered by HayMiz in WordPress Plugin Import Export WordPress Users versions = 2.6.2...
WordPress Export and Import Users and Customers plugin <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function vulnerability
Directory Traversal to Authenticated Administrator+ Limited Arbitrary File Deletion via adminlogpage Function vulnerability discovered by HayMiz in WordPress Plugin Import Export WordPress Users versions = 2.6.2...
Autodesk: Wordpress users Disclosure
We can see all the WordPress users/authors with some of their information, which can even be personal information of employees/authors. The file author-sitemap.xml at https://www.payapps.com/author-sitemap.xml is enabled, and this gives the attacker many user names and emails like: F4036174 Impact...
CVE-2024-9887 Login using WordPress Users ( WP as SAML IDP ) <= 1.15.6 - Authenticated (Administrator+) SQL Injection
The Login using WordPress Users WP as SAML IDP plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.15.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...
WordPress Login using WordPress Users ( WP as SAML IDP ) plugin <= 1.15.6 - Authenticated (Administrator+) SQL Injection vulnerability
Authenticated Administrator+ SQL Injection vulnerability discovered by Lesor101 in WordPress Plugin Login using WordPress Users WP as SAML IDP versions = 1.15.6...
WordPress WP Users Masquerade Plugin <= 2.0.0 is vulnerable to Broken Authentication
Software: WP Users Masquerade; Type: Plugin; Vulnerable versions: = 2.0.0; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-9522; Patch priority: High; CVSS severity: High 8.8; Developer: Claim ownership; PSID: eb305b8e1a56; Credits: Istvá...
CVE-2024-32835
CVE-2024-32835 describes a Deserialization of Untrusted Data vulnerability in the WordPress plugin Export and Import Users and Customers (the plugin name is shown as Import Export Users and Customers / Export and Import Users and Customers). Affected versions range from n/a through 2.5.3. The ...
CVE-2024-30492
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users. This issue affects Import Export WordPress Users: from n/a through 2.5.2...