EUVD-2026-32037
The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to insufficient input...
Exploit for CVE-2026-8181
CVE-2026-8181 - Burst Statistics Authentication Bypass Exploit...
CVE-2025-9209
The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user private tokens and API data via the /wp-json/wp/v2/users REST API endpoint. This makes it possible for unauthenticated...
CVE-2025-4973
The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the plugin not properly verifying a user's identity prior to logging them in when verifying an accoun...
PT-2025-25280 · WordPress · Workreap
Name of the Vulnerable Software and Affected Versions: Workreap plugin for WordPress versions up to, and including, 3.3.1 Description: The issue arises from the plugin's failure to properly verify a user's identity before logging them in when verifying an account with an email address. This allow...
CVE-2024-10527
CVE-2024-10527 affects the Spacer WordPress plugin. The vulnerability results from a missing capability check in the motech_spacer_callback() function across all versions up to and including 3.0.7. This allows authenticated users with Subscriber-level access and above to view limited settings inf...
Exploit for CVE-2024-10245
CVE-2024-10245 Relais 2FA = 1.0 - Authentication Bypass...
CVE-2024-0845 PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via render
The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
CVE-2024-30479 WordPress LionScripts: IP Blocker Lite plugin <= 11.1.1 - Bypass vulnerability
Authentication Bypass by Spoofing vulnerability in LionScripts IP Blocker Lite allows Functionality Bypass. This issue affects IP Blocker Lite: from n/a through 11.1.1...
WordPress 5.0.0 crop-image Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Crop-image Shell Upload', 'Description' = %q This module exploits a path traversal and a local file inclusion vulnerability on WordPres...
UBUNTU-CVE-2015-5715
The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the Twitter LiveBlog plugin 1.1.2 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the mashtlb_twitter_username parameter in the...
CVE-2007-1599
wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter...