127 matches found
CVE-2025-39369 WordPress Posts for Page plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sihibbs Posts for Page posts-for-page allows DOM-Based XSS.This issue affects Posts for Page: from n/a through = 2.1...
CVE-2025-26544 WordPressUTM tags + Landing page plugin <= 1.4 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Max K UTM tags tracking for Contact Form 7 cf7-utm-tracking allows Reflected XSS.This issue affects UTM tags tracking for Contact Form 7: from n/a through = 2.1...
CVE-2025-26544 WordPressUTM tags + Landing page plugin <= 1.4 - CSRF to Stored XSS vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound UTM tags tracking for Contact Form 7 allows Reflected XSS. This issue affects UTM tags tracking for Contact Form 7: from n/a through 2.1...
WordPressUTM tags + Landing page plugin <= 1.4 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin UTM tags tracking for Contact Form 7 versions = 2.1...
WordPress plugin Members page only for logged in users 跨站请求伪造漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Members page only for logged in...
WordPress Archive Page plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Archive Page versions = 1.0.2...
CVE-2024-3597
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. This is due to insufficient validation on the redirect url supplied via the rcexportedzipfile parameter. This makes it possible for unauthenticated attackers to...
CVE-2025-23547 WordPress LH Login Page plugin <= 2.14 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shawfactor LH Login Page lh-login-page allows Reflected XSS.This issue affects LH Login Page: from n/a through = 2.14...
CVE-2024-12098
The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'utmkeyword' parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-12098
CVE-2024-12098 affects the ARS Affiliate Page Plugin for WordPress. The issue is a Reflected Cross-Site Scripting via the utm_keyword parameter in all versions up to and including 2.0.2, allowing unauthenticated attackers to inject scripts in pages executed when a user clicks a crafted link. A pa...
CVE-2024-12098 ARS Affiliate Page Plugin <= 2.0.2 - Reflected Cross-Site Scripting
The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'utmkeyword' parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-6465
CVE-2024-6465 : The WP Links Page plugin for WordPress allows unauthorized modification of data due to a missing capability check in wplf_ajax_update_screenshots. This affects all versions up to and including 4.9.5. Authenticated attackers with Subscriber-level access and above can regenerate the...
PT-2024-26755 · WordPress · Simple Like Page Plugin
Name of the Vulnerable Software and Affected Versions: The Simple Like Page Plugin for WordPress versions up to, and including, 1.5.2 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's shortcodes, allowing authenticat...
CVE-2024-1462
The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode...
CVE-2024-1462
The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode...
Code injection
The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode...
CVE-2024-1370 Maintenance Page <= 1.0.8 - Missing Authorization to Sensitive Information Exposure
The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribedownload function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access...
PT-2024-18066 · WordPress · Maintenance Page
Name of the Vulnerable Software and Affected Versions: Maintenance Page plugin for WordPress versions up to, and including, 1.0.8 Description: The issue allows unauthenticated attackers to view post titles and content when the site is in maintenance mode, due to Basic Information Exposure via the...
CVE-2024-0708
The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers to access landing pages that may not be public...
CVE-2023-52195 WordPress Posts to Page Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Posts to Page Kerry James allows Stored XSS.This issue affects Kerry James: from n/a through 1.7...