159 matches found
CVE-2026-4089
The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttttwitteetweeter...
WordPress plugin Smart Slider security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
EUVD-2026-11083
The Gutena Forms WordPress plugin before 1.6.1 does not validate the option to be updated, which could allow users with the contributor role and above to update arbitrary boolean and array options such as users_can_register...
Exploit for CVE-2026-1560
CVE-2026-XXXX – Authenticated Remote Code Execution in Lazy Bl...
CVE-2025-14973 Recipe Card Blocks < 3.4.13 - Contributor+ SQLi
The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sanitize and escape a parameter before using it in a SQL statement, allowing contributors and above to perform SQL injection attacks...
WordPress Post Expirator plugin <= 4.9.3 - Missing Authorization to Authenticated (Contributor+) Workflow Manipulation vulnerability
Missing Authorization to Authenticated (Contributor+) Workflow Manipulation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Post Expirator versions <= 4.9.3...
WordPress Travel Bucket List plugin <= 0.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by ChamlaVic in WordPress Plugin Wish To Go versions <= 0.5.2...
WordPress Easy GitHub Gist Shortcodes plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Easy GitHub Gist Shortcodes versions <= 1.0...
WordPress MyBookTable Bookstore plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin MyBookTable Bookstore versions <= 3.6.0...
WordPress The Moneytizer plugin <= 10.0.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin The Moneytizer versions <= 10.0.9...
WordPress Yada Wiki plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Yada Wiki versions <= 3.5...
WordPress Discussion Board plugin <= 2.5.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Discussion Board versions <= 2.5.7...
WordPress MapSVG plugin <= 8.7.3 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter in WordPress Plugin MapSVG versions <= 8.7.3...
WordPress NextGEN Gallery plugin <= 3.59.12 - Authenticated (Contributor+) Local File Inclusion via 'template' vulnerability
Authenticated (Contributor+) Local File Inclusion via 'template' vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin NextGEN Gallery versions <= 3.59.12...
WordPress Events Manager plugin <= 7.2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events_list_grouped' Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'events_list_grouped' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Events Manager versions <= 7.2.2.1...
WordPress Gallery Blocks with Lightbox plugin <= 3.3.0 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Modification vulnerability
Missing Authorization to Authenticated (Contributor+) Plugin Settings Modification vulnerability discovered by Karol in WordPress Plugin SimpLy Gallery versions <= 3.3.0...
WordPress Colibri Page Builder plugin <= 1.0.335 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Colibri Page Builder versions <= 1.0.335...
WordPress Header Footer Script Adder – Insert Code in Header, Body & Footer plugin <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Powpy in WordPress Plugin Header Footer Script Adder versions <= 2.0.5...
WordPress AI Feeds plugin <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aife_post_meta' Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'aife_post_meta' Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin AI Feeds versions <= 1.0.22...
WordPress SurveyFunnel – Survey Plugin for WordPress plugin <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin SurveyFunnel versions <= 1.1.5...