102 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-14725
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. CVE-2017-14725 Note that...
CVE-2023-3170
The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...
CVE-2022-2395
The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-32790
Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors already having admin access, or API keys to the WooCommerce site can exploit vulnerable...
CVE-2024-8085 PeoplePond <= 1.1.9 - CSRF to Stored XSS
The PeoplePond WordPress plugin through 1.1.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2025-30552
Cross-Site Request Forgery CSRF vulnerability in Donald Gilbert WordPress Admin Bar Improved wordpress-admin-bar-improved allows Stored XSS.This issue affects WordPress Admin Bar Improved: from n/a through = 3.3.5...
CVE-2025-30552
CVE-2025-30552: A Cross-Site Request Forgery (CSRF) leading to Stored XSS in WordPress Admin Bar Improved. Affected: WordPress Admin Bar Improved versions up to 3.3.5 (range includes n/a through 3.3.5). Nature: CSRF vulnerability that can result in stored XSS. Severity: CVSS v3.1 base score 7.1 (...
CVE-2025-30552 WordPress WordPress Admin Bar Improved plugin <= 3.3.5 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in Donald Gilbert WordPress Admin Bar Improved wordpress-admin-bar-improved allows Stored XSS.This issue affects WordPress Admin Bar Improved: from n/a through = 3.3.5...
WordPress plugin WordPress Admin Bar Improved 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WordPress Admin B...
Exploit for CVE-2024-2961
PHP file-read to RCE CVE-2024-2961 TODO Parse LIBC to kn...
CVE-2025-23832 WordPress Admin Cleanup plugin <= 1.0.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in Matt Gibbs Admin Cleanup admin-cleanup allows Stored XSS.This issue affects Admin Cleanup: from n/a through = 1.0.2...
CVE-2025-23832 WordPress Admin Cleanup plugin <= 1.0.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in Matt Gibbs Admin Cleanup admin-cleanup allows Stored XSS.This issue affects Admin Cleanup: from n/a through = 1.0.2...
CVE-2024-12731 aklamator-infeed <= 2.0.0 - Reflected XSS
The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2024-17347
Name of the Vulnerable Software and Affected Versions GiveWP WordPress plugin versions prior to 3.19.0 Description The issue arises from the plugin's failure to properly sanitise and escape a parameter before outputting it back in the page. This leads to a Reflected Cross-Site Scripting error,...
CVE-2024-54431 WordPress Admin Customization plugin <= 2.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in phpdevp Admin Customization wpp-customization allows Stored XSS.This issue affects Admin Customization: from n/a through = 2.2...
CVE-2024-54431
CVE-2024-54431 is a CSRF-to-Stored-XSS vulnerability in the Admin Customization plugin for Admin Customization: from n/a through 2.2. The issue, described in connected documents as a Cross-Site Request Forgery vulnerability that enables Stored XSS, affects the Admin Customization plugin before or...
CVE-2024-51637 WordPress Admin SMS Alert plugin <= 1.1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery CSRF vulnerability in sroyalty Admin SMS Alert admin-sms-alert allows Stored XSS.This issue affects Admin SMS Alert: from n/a through = 1.1.0...
WordPress Admin Amplify Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software Admin Amplify Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51691 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6902915ddda2 Credits João Pedro S Alcântara Kinorth...
WordPress Admin Management Xtended Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS)
Software Admin Management Xtended Type Plugin Vulnerable versions = 2.4.6 Fixed in 2.4.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49307 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 966456ab80af Credits Trương Hữu Phúc truonghuuphuc...
WordPress Admin Trim Interface Plugin <= 3.5.1 is vulnerable to Sensitive Data Exposure
Software Admin Trim Interface Type Plugin Vulnerable versions = 3.5.1 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6545 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 4e884f0bbd90 Credits stealthcopter Required...