WordPress PGS Core Plugin <= 5.9.0 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin PGS Core versions = 5.9.0...

CVE-2025-60118

CVE-2025-60118 – PotenzaglobalS’s PGS Core

CVE-2025-60118 WordPress PGS Core Plugin <= 5.9.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Potenzaglobalsolutions PGS Core pgs-core allows SQL Injection.This issue affects PGS Core: from n/a through = 5.9.0...

CVE-2025-60118 WordPress PGS Core Plugin <= 5.9.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Potenzaglobalsolutions PGS Core pgs-core allows SQL Injection.This issue affects PGS Core: from n/a through = 5.9.0...

WordPress plugin PGS Core SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injectio...

CVE-2025-0856

The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. This makes it possible for unauthenticated attackers to add, modify, or plugin options...

CVE-2025-0853

The PGS Core plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'saveheaderbuilder' function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

WordPress PGS Core plugin <= 5.8.0 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by István Márton in WordPress Plugin PGS Core versions = 5.8.0...

WordPress PGS Core plugin <= 5.8.0 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by István Márton in WordPress Plugin PGS Core versions = 5.8.0...

CVE-2025-0856 PGS Core <= 5.8.0 - Missing Authorization via Multiple Functions

The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. This makes it possible for unauthenticated attackers to add, modify, or plugin options...

CVE-2025-0856 PGS Core <= 5.8.0 - Missing Authorization via Multiple Functions

The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. This makes it possible for unauthenticated attackers to add, modify, or plugin options...

CVE-2025-0856

The CVE (CVE-2025-0856) concerns the WordPress PGS Core plugin and is caused by a missing capability check in multiple functions, affecting all versions up to and including 5.8.0. This permits unauthenticated attackers to access, modify, or delete plugin options, effectively enabling unauthorized...

CVE-2025-0855 PGS Core <= 5.8.0 - Unauthenticated PHP Object Injection

The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'importheader' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in...

CVE-2025-0853

The PGS Core plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'saveheaderbuilder' function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-0853

CVE-2025-0853: PGS Core WordPress plugin

CVE-2025-0853 PGS Core <= 5.8.0 - Unauthenticated SQL Injection

The PGS Core plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'saveheaderbuilder' function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-0853 PGS Core <= 5.8.0 - Unauthenticated SQL Injection

The PGS Core plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'saveheaderbuilder' function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

WordPress PGS Core plugin <= 5.8.0 - Missing Authorization via Multiple Functions vulnerability

Missing Authorization via Multiple Functions vulnerability discovered by István Márton in WordPress Plugin PGS Core versions = 5.8.0...

PT-2025-19872 · WordPress · Pgs Core

Name of the Vulnerable Software and Affected Versions: PGS Core plugin for WordPress versions prior to 5.8.1 Description: The issue is related to a missing capability check on multiple functions, which allows unauthorized access, modification, and potential loss of data. This could enable...

WordPress plugin PGS Core 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...