CVE-2015-9323
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection...
CVE-2014-10378
The duplicate-post plugin before 2.6 for WordPress has XSS...
CVE-2019-16566
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10421
Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-1003065
Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2014-5199
Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are...
CVE-2019-1003070
Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2016-11008
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpipaypal payer metadata updates...
CVE-2016-11001
The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field...
CVE-2015-9313
The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element...
CVE-2017-18584
The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settings action...
CVE-2014-8364
Cross-site scripting (XSS) vulnerability in sshandler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ssid parameter...
CVE-2015-9294
The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances...
CVE-2025-4803
The Glossary by WPPedia – Best Glossary plugin for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.0 via deserialization of untrusted input from the 'posttypes' parameter. This makes it possible for authenticated attackers, with...
PT-2025-22341 · WordPress · The Glossary
Name of the Vulnerable Software and Affected Versions: The Glossary by WPPedia – Best Glossary plugin for WordPress versions up to, and including, 1.3.0 Description: The issue is related to PHP Object Injection via deserialization of untrusted input from the posttypes parameter. This allows...
WordPress WP YouTube Video Optimizer plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gilang in WordPress Plugin WP YouTube Video Optimizer versions <= 1.2...
PT-2025-22124 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: WordPress plugins affected versions not specified Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the SimpleLightbox JavaScript library, version 2.1.5, which is bundled wit...
WordPress Coupons & Add to Cart by URL Links for WooCommerce plugin <= 1.7.7 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Coupons & Add to Cart by URL Links for WooCommerce versions <= 1.7.7...
WordPress Everest Forms plugin < 3.0.3.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Everest Forms versions < 3.0.3.1...
WordPress The Events Calendar plugin < 6.6.4 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin The Events Calendar versions < 6.6.4...