WordPress PGS Core Plugin <= 5.9.0 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin PGS Core versions = 5.9.0...

CVE-2025-60118 WordPress PGS Core Plugin <= 5.9.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Potenzaglobalsolutions PGS Core pgs-core allows SQL Injection.This issue affects PGS Core: from n/a through = 5.9.0...

CVE-2025-60118

CVE-2025-60118 – PotenzaglobalS’s PGS Core

CVE-2025-60118 WordPress PGS Core Plugin <= 5.9.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Potenzaglobalsolutions PGS Core pgs-core allows SQL Injection.This issue affects PGS Core: from n/a through = 5.9.0...

CVE-2025-0856

The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. This makes it possible for unauthenticated attackers to add, modify, or plugin options...

CVE-2025-0853

The PGS Core plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'saveheaderbuilder' function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-0856

The CVE (CVE-2025-0856) concerns the WordPress PGS Core plugin and is caused by a missing capability check in multiple functions, affecting all versions up to and including 5.8.0. This permits unauthenticated attackers to access, modify, or delete plugin options, effectively enabling unauthorized...

CVE-2025-0855 PGS Core <= 5.8.0 - Unauthenticated PHP Object Injection

The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'importheader' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in...

CVE-2025-0853

The PGS Core plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'saveheaderbuilder' function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-0853

CVE-2025-0853: PGS Core WordPress plugin

CVE-2025-0853 PGS Core <= 5.8.0 - Unauthenticated SQL Injection

The PGS Core plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'saveheaderbuilder' function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

PT-2025-19872 · WordPress · Pgs Core

Name of the Vulnerable Software and Affected Versions: PGS Core plugin for WordPress versions prior to 5.8.1 Description: The issue is related to a missing capability check on multiple functions, which allows unauthorized access, modification, and potential loss of data. This could enable...

PT-2025-19871 · WordPress · Pgs Core

Name of the Vulnerable Software and Affected Versions: PGS Core plugin for WordPress versions up to, and including, 5.8.0 Description: The issue concerns PHP Object Injection via deserialization of untrusted input in the import header function, allowing unauthenticated attackers to inject a PHP...