162 matches found
EUVD-2026-36965
Contributor Privilege Escalation in B Blocks = 2.0.31 versions...
CVE-2026-39579
Contributor Privilege Escalation in B Blocks = 2.0.31 versions...
EUVD-2026-36879
Contributor Privilege Escalation in LatePoint = 5.5.1 versions...
CVE-2026-4089
The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttttwitteetweeter...
WordPress plugin Smart Slider 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
EUVD-2026-11083
The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could allow contributors and above role to update arbitrary boolean and array options such as userscanregister...
Exploit for CVE-2026-1560
CVE-2026-XXXX – Authenticated Remote Code Execution in Lazy Bl...
CVE-2025-14973 Recipe Card Blocks < 3.4.13 - Contributor+ SQLi
The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sanitize and escape a parameter before using it in a SQL statement, allowing contributors and above to perform SQL injection attacks...
WordPress Post Expirator plugin <= 4.9.3 - Missing Authorization to Authenticated (Contributor+) Workflow Manipulation vulnerability
Missing Authorization to Authenticated Contributor+ Workflow Manipulation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Post Expirator versions = 4.9.3...
WordPress Travel Bucket List plugin <= 0.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by ChamlaVic in WordPress Plugin Wish To Go versions = 0.5.2...
WordPress Easy GitHub Gist Shortcodes plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Easy GitHub Gist Shortcodes versions = 1.0...
WordPress MyBookTable Bookstore plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin MyBookTable Bookstore versions = 3.6.0...
WordPress The Moneytizer plugin <= 10.0.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin The Moneytizer versions = 10.0.9...
WordPress Yada Wiki plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Yada Wiki versions = 3.5...
WordPress Discussion Board plugin <= 2.5.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Discussion Board versions = 2.5.7...
WordPress MapSVG plugin <= 8.7.3 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter in WordPress Plugin MapSVG versions = 8.7.3...
WordPress NextGEN Gallery plugin <= 3.59.12 - Authenticated (Contributor+) Local File Inclusion via 'template' vulnerability
Authenticated Contributor+ Local File Inclusion via 'template' vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin NextGEN Gallery versions = 3.59.12...
WordPress Events Manager plugin <= 7.2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events_list_grouped' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'eventslistgrouped' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Events Manager versions = 7.2.2.1...
WordPress Gallery Blocks with Lightbox plugin <= 3.3.0 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Modification vulnerability
Missing Authorization to Authenticated Contributor+ Plugin Settings Modification vulnerability discovered by Karol in WordPress Plugin SimpLy Gallery versions = 3.3.0...
WordPress Colibri Page Builder plugin <= 1.0.335 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Colibri Page Builder versions = 1.0.335...