
9 matches found

Vulnrichment
added 2026/05/20 1:25 a.m., 5 views

CVE-2026-5293 診断ジェネレータ作成プラグイン <= 1.4.16 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'js' Parameter

The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...

CVSS: 6.4, AI score: 6, EPSS: 0.00063
Exploits: 0, References: 9

WPVulnDB
added 2024/04/16 12:0 a.m., 18 views

BEAR <= 1.1.4.1 & WOLF <= 1.0.8.1 - Cross-Site Request Forgery to Notice Dismissal

Description: Multiple plugins and/or themes for WordPress are vulnerable to Cross-Site Request Forgery in various versions. This is due to missing or incorrect nonce validation on the admin_init hook. This makes it possible for unauthenticated attackers to dismiss notices via a forged request grant...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00166
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2024/01/03 6:15 a.m., 1 views

CVE-2023-6600

The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admin_init in all versions up to, and including, 5.7.9. Th...

CVSS: 5.4, AI score: 7.2
Exploits: 0, References: 4

WPVulnDB
added 2024/01/03 12:0 a.m., 19 views

OMGF < 5.7.10 - Unauthenticated Directory Deletion & Stored XSS

Description: The plugin is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the updatesettings function hooked via admin_init. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used t...

CVSS: 8.6, AI score: 6, EPSS: 0.00183
Exploits: 0, References: 1, Affected Software: 1

WPVulnDB
added 2023/11/23 12:0 a.m., 14 views

Woocommerce Support System <= 1.2.1 - Missing Authorization

Description: The Woocommerce Support System plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on several functions hooked via 'init', 'admin_init', and AJAX actions in versions up to, and including, 1.2.1. This makes it possible...

AI score: 7, EPSS: 0.00124
Exploits: 0, References: 1

myhack58
added 2015/02/22 12:0 a.m., 21 views

Vulnerability analysis: vulnerability in the WordPress image plugin Fancybox-For-WordPress leads to mass malicious-code injection

Fancybox For WordPress is a great WordPress image plugin that shows your WordPress images in an attractive pop-up viewing interface with rich overlay effects. Last week security researchers found that some WordPress blogs had been hit by a mass malicious-code injection, and what these blogs have in common is to...

AI score: 0.3
Exploits: 0

seebug.org
added 2014/07/08 12:0 a.m., 24 views

Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::HTTP::Wordpress include...

AI score: 7.1
Exploits: 0

0day.today
added 2014/07/04 12:0 a.m., 44 views

Wordpress MailPoet (wysija-newsletters) Unauthenticated file Upload

The Wordpress plugin "MailPoet Newsletters" wysija-newsletters before 2.6.7 is vulnerable to an unauthenticated file upload. The exploit uses the upload Theme functionality to upload a zip file containing the payload. The plugin used the admin_init hook without knowing the hook is also executed...

AI score: 7.3
Exploits: 0

Metasploit
added 2014/07/02 8:24 a.m., 18 views

Wordpress MailPoet Newsletters (wysija-newsletters) Unauthenticated File Upload

The Wordpress plugin "MailPoet Newsletters" wysija-newsletters before 2.6.8 is vulnerable to an unauthenticated file upload. The exploit uses the Upload Theme functionality to upload a zip file containing the payload. The plugin uses the admin_init hook, which is also executed for unauthenticated...

AI score: 7.1
Exploits: 0