PT-2025-24650 · WordPress · The Ultimate Blocks
Name of the Vulnerable Software and Affected Versions: The Ultimate Blocks – WordPress Blocks Plugin versions up to, and including, 3.3.3
Description: The issue is related to Stored Cross-Site Scripting via multiple widgets due to insufficient input sanitization and output escaping. This allows...
PT-2025-21381 · WordPress · The Ultimate Noindex Nofollow Tool
Name of the Vulnerable Software and Affected Versions: The Ultimate Noindex Nofollow Tool WordPress plugin versions 1.1.2 and earlier
Description: The issue concerns a lack of CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
PT-2024-14951 · WordPress · Custom User CSS
Name of the Vulnerable Software and Affected Versions: Custom User CSS WordPress plugin versions 0.2 and earlier
Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. This could...
PT-2023-32098 · WordPress · Information Reel
Name of the Vulnerable Software and Affected Versions: Information Reel plugin for WordPress versions up to, and including, 10.0
Description: The issue arises from insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the plugin's...
PT-2023-29905 · StylemixThemes · StylemixThemes Motors – Car Dealer
Name of the Vulnerable Software and Affected Versions: StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin versions 1.4.6 and earlier
Description: The issue is an unauthenticated reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into t...
Simple Ajax Chat < 20220216 - Sensitive Information Disclosure
The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it...