CVE-2025-28993

CVE-2025-28993 concerns the WordPress plugin Content No Cache . The vulnerability is an Improper Control of Generation of Code (Code Injection) , allowing an arbitrary function call due to flaws in the plugin’s code generation logic. Affected versions are listed as up to 0.1.3 (n/a through 0.1.3)...

CVE-2022-1020

The Product Table for WooCommerce wooproducttable WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing...

CVE-2025-47691 WordPress Ultimate Member plugin <= 2.10.3 - Arbitrary Function Call vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Ultimate Member Ultimate Member ultimate-member allows Code Injection.This issue affects Ultimate Member: from n/a through = 2.10.3...

CVE-2025-47691 WordPress Ultimate Member plugin <= 2.10.3 - Arbitrary Function Call vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Ultimate Member Ultimate Member allows Code Injection. This issue affects Ultimate Member: from n/a through 2.10.3...

WordPress plugin WPMobile.App 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

WordPress plugin Simple Link Directory 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

WordPress plugin Notibar 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

WordPress plugin The ARMember 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

WordPress plugin The Uix Shortcodes 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin The Uix...

WordPress Advanced Custom Fields PRO plugin <= 6.3.7 - Administrator+ Limited Arbitrary Function Call vulnerability

Administrator+ Limited Arbitrary Function Call vulnerability discovered by Automattic Security Team in WordPress Plugin Advanced Custom Fields PRO versions = 6.3.7...

WordPress Advanced Custom Fields plugin <= 6.3.6 - Administrator+ Limited Arbitrary Function Call vulnerability

Administrator+ Limited Arbitrary Function Call vulnerability discovered by Automattic Security Team in WordPress Plugin Advanced Custom Fields versions = 6.3.6...

CVE-2024-8268 Frontend Dashboard <= 2.2.4 - Authenticated (Subscriber+) Arbitrary Function Call

The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajaxrequest function in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber-level...

WordPress Frontend Dashboard plugin <= 2.2.4 - Authenticated (Subscriber+) Arbitrary Function Call vulnerability

Authenticated Subscriber+ Arbitrary Function Call vulnerability discovered by Lucio Sá in WordPress Plugin Frontend Dashboard versions = 2.2.4...

Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Arbitrary Function Execution vulnerability

Contributor+ Arbitrary Function Execution vulnerability discovered by Security audit in WordPress Plugin Advanced Custom Fields PRO versions 6.2.10...

WordPress plugin FOX 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin Booster for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2022-2314

The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site...

CVE-2022-2314 VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call

The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site...

WordPress VR Calendar plugin < 2.3.1 - Unauthenticated Arbitrary Function Call vulnerability

Unauthenticated Arbitrary Function Call vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress VR Calendar plugin versions 2.3.1. Solution Update the WordPress VR Calendar plugin to the latest available version at least 2.3.1...

VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call

The plugin lets any user execute arbitrary PHP functions on the site. PoC https://example.com/wp-admin/admin-post.php?vrccmd=phpinfo...