EUVD-2022-29580

Malicious code in bioql PyPI...

WordPress plugin ThemeMove Core 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

WordPress plugin Booster for WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file upload vulnerability exists in the WordPress Booster for WooCommerce Plugin that stems from a lack of file type validation in the addfilestoorder function, which can be...

CVE-2025-8213

The NinjaScanner – Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'nscanajaxquarantine' and 'nscanquarantineselect' functions in all versions up to, and including, 3.2.5. This makes it possible for authenticated...

CVE-2015-10144

The Responsive Thumbnail Slider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type sanitization in the via the image uploader in versions up to 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary...

CVE-2025-5240

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

PT-2025-27597 · WordPress · Magic Buttons For Elementor

Name of the Vulnerable Software and Affected Versions: Magic Buttons for Elementor plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...

CVE-2025-53260

Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects File Manager Plugin For Wordpress: from n/a through = 7.5...

CVE-2025-53322

CVE-2025-53322 is a WordPress vulnerability in the plugin Accept Authorize.NET Payments Using Contact Form 7 . The issue stems from an insertion of sensitive information into sent data, which can allow retrieval of embedded sensitive data. Affected software: Accept Authorize.NET Payments Using Co...

CVE-2025-53304

CVE-2025-53304 concerns the WordPress plugin “Contact Form – 7: Hide Success Message.” It affects versions up to 1.1.4 and is described as a Missing Authorization vulnerability that allows accessing functionality not properly constrained by ACLs. The CVE entry indicates a base score of 5.3 (Mediu...

WordPress Infility Global plugin <= 2.14.51 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 0xVenus in WordPress Plugin Infility Global versions = 2.14.51...

CVE-2025-52782 WordPress Scroll UP plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in King Rayhan Scroll UP scroll-to-up allows Reflected XSS.This issue affects Scroll UP: from n/a through = 2.0...

CVE-2025-49763

ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin --max-inclusion-depth to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5,...

CVE-2025-6061

The kk Youtube Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kkytv' shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-4585

CVE-2025-4585 - The IRM Newsroom WordPress plugin (versions

CVE-2025-48124 WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - Arbitrary File Download Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Path Traversal.This issue affects Spreadsheet...

CVE-2025-4857 Newsletters <= 4.9.9.9 - Authenticated (Administrator+) Local File Inclusion

The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server,...

CVE-2025-4103 WP-GeoMeta 0.3.4 - 0.3.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via wp_ajax_wpgm_start_geojson_import Function

The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpajaxwpgmstartgeojsonimport function in versions 0.3.4 to 0.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their...

CVE-2025-4683

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createblog function in all versions up to, and including, 4.17.5. This makes it possible for authenticated attackers, wit...

CVE-2024-8662

The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.3.12. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...