52 matches found
PT-2026-33467
Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload for Contact Form 7 versions prior to 1.3.9.7. Description: An issue exists where unauthenticated attackers can read and exfiltrate arbitrary files readable by the web server process. This occurs because the...
CVE-2026-0743 WP Content Permission <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ohmem-message' Parameter
The WP Content Permission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ohmem-message' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-49358
Content Fetcher (WordPress plugin) has CVE-2025-49358: an authenticated (Contributor+) Stored Cross-Site Scripting vulnerability affecting Content Fetcher
CVE-2025-49358 WordPress Content Fetcher plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ruhul Amin Content Fetcher content-fetcher allows DOM-Based XSS. This issue affects Content Fetcher: from n/a through <= 1.1...
CVE-2025-68879 WordPress Content Grid Slider plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in councilsoft Content Grid Slider content-grid-slider allows Reflected XSS. This issue affects Content Grid Slider: from n/a through <= 1.5...
CVE-2025-12747
The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate protection. This makes it possible for unauthenticated attackers to extract potentially sensitive...
CVE-2025-12747 Tainacan <= 1.0.0 - Unauthenticated Information Exposure
The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate protection. This makes it possible for unauthenticated attackers to extract potentially sensitive...
CVE-2025-12747
The CVE-2025-12747 entry describes an information exposure in the WordPress Tainacan plugin up to version 1.0.0, where private-uploaded files are exposed in wp-content and readable by unauthenticated users. Connected sources confirm the issue and indicate a fix was introduced (e.g., GitHub diff 1...
CVE-2025-11769
The WordPress Content Flipper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bgcolor' shortcode attribute of the 'flipperfront' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2025-64263 WordPress WP Content Pilot plugin <= 2.1.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in PluginEver WP Content Pilot wp-content-pilot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Content Pilot: from n/a through <= 2.1.7...
WordPress plugin WordPress Content Flipper cross-site scripting vulnerability
WordPress Content Flipper plugin is an open source WordPress plugin, mainly used for content display and interactive features. A cross-site scripting vulnerability exists in the WordPress Content Flipper plugin, which stems from insufficient input cleanup and output escaping of the parameter...
CVE-2025-12539 TNC Toolbox: Web Performance <= 1.4.2 - Unauthenticated Sensitive Information Exposure to Privilege Escalation/cPanel Account Takeover
The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials (hostname, username, and API key) in files within the web-accessible wp-content directory witho...
CVE-2025-10486
The CVE-2025-10486 entry concerns the WordPress Content Writer plugin. Publicly exposed log files allowed unauthenticated attackers to view sensitive information from all versions up to and including 3.6.8. The issue is categorized as unauthenticated information disclosure with a Network attack v...
WordPress Content Writer plugin <= 3.6.8 - Unauthenticated Information Exposure via Log File vulnerability
Unauthenticated Information Exposure via Log File vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin Content Writer versions <= 3.6.8...
EUVD-2025-30550
Malicious code in bioql PyPI...
CVE-2025-58670
Cross-Site Request Forgery (CSRF) vulnerability in Shankaranand Maurya WP Content Protection wp-content-protection allows Stored XSS. This issue affects WP Content Protection: from n/a through <= 1.3...