20 matches found
PT-2025-31604 · Elementor +1 · Elementor +1
Name of the Vulnerable Software and Affected Versions: Stratum – Elementor Widgets versions up to and including 1.6.0 Description: The Stratum – Elementor Widgets plugin for WordPress is susceptible to Stored Cross-Site Scripting through the Advanced Google Maps and Image Hotspot widgets...
WP Publications WordPress Plugin 1.2 - Stored XSS
Exploit Title: WP Publications WordPress Plugin 1.2 - Stored XSS Google Dork: inurl:/wp-content/plugins/wp-publications/ Date: 2025-07-15 Exploit Author: Zeynalxan Quliyev Vendor Homepage: https://wordpress.org/plugins/wp-publications/ Software Link:...
PT-2025-28844 · WordPress · Sureforms
Name of the Vulnerable Software and Affected Versions: SureForms – Drag and Drop Form Builder for WordPress versions up to 1.7.3 Description: The issue allows unauthenticated attackers to inject a PHP object through the use of file exists in the delete entry files function without restriction on...
PT-2025-27346 · WordPress · Db Backup +1
Name of the Vulnerable Software and Affected Versions: EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress versions up to, and including, 5.25.11 Description: The issue is related to Stored Cross-Site Scripting via the plugin's SQLREPORT shortcode due to insufficient input...
PT-2025-25642
Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload for Contact Form 7 versions 1.3.8.9 and earlier Description: The issue is related to insufficient file type validation, allowing unauthenticated attackers to bypass the plugin's blacklist and upload dangerous...
PT-2025-20486 · WordPress · Frontend Login/Registration Blocks
Name of the Vulnerable Software and Affected Versions: Frontend Login and Registration Blocks plugin for WordPress versions 1.0.0 through 1.0.7 Description: The issue is related to privilege escalation via account takeover. This occurs because the plugin does not properly validate a user's identi...
PT-2025-18362 · WordPress · Calculated Fields Form
Name of the Vulnerable Software and Affected Versions: Calculated Fields Form WordPress plugin versions prior to 5.2.62 Description: The issue concerns the Calculated Fields Form WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high-privilege...
PT-2024-35857 · WordPress · Wp Mermaid
Name of the Vulnerable Software and Affected Versions: WP Mermaid versions 1.0.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This means an attacker can inject malicious scripts into the...
PT-2024-21600 · WordPress · Socialdriver-Framework
Name of the Vulnerable Software and Affected Versions: socialdriver-framework WordPress plugin versions prior to 2024.0.0 Description: The issue arises from the socialdriver-framework WordPress plugin not validating and escaping some of its shortcode attributes before outputting them back in the...
PT-2024-18278 · WordPress · Nps Computy Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: NPS computy WordPress plugin versions 2.7.5 and earlier Description: The issue concerns the lack of CSRF checks in certain areas of the plugin, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks...
PT-2024-15475 · WordPress · Travelpayouts: All Travel Brands In One Place
Name of the Vulnerable Software and Affected Versions: Travelpayouts: All Travel Brands in One Place WordPress plugin versions 1.1.15 and earlier Description: The issue is related to insufficient validation on the travelpayouts redirect variable, making it possible for unauthenticated attackers t...
PT-2023-20695 · WordPress · Wpindeed Debug Assistant
Name of the Vulnerable Software and Affected Versions: WPIndeed Debug Assistant plugin versions 1.4 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web...
PT-2023-32282 · WordPress · Wd Widgettwitter
Name of the Vulnerable Software and Affected Versions: WD WidgetTwitter plugin for WordPress versions up to, and including, 1.0.9 Description: The issue arises from insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the plugin's...
PT-2023-27194 · Std.Cloud · Wxsync Plugin
Name of the Vulnerable Software and Affected Versions: std.Cloud WxSync plugin versions <= 2.7.23 Description: A Stored Cross-Site Scripting XSS vulnerability exists, allowing authenticated contributors to inject malicious scripts. The issue affects versions of the WxSync plugin up to and includin...
PT-2023-19008 · WordPress · Chp Ads Block Detector
Name of the Vulnerable Software and Affected Versions: CHP Ads Block Detector plugin for WordPress versions up to, and including, 3.9.4 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the chp abd action function. This allows...
PT-2023-23705 · Getbutton.Io · Getbutton Chat Button
Name of the Vulnerable Software and Affected Versions: GetButton Chat Button by GetButton.Io plugin versions 1.8.9.4 and earlier Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with admin privileges can inject...
PT-2023-19169 · WordPress · Joel James Lazy Social Comments
Name of the Vulnerable Software and Affected Versions: Joel James Lazy Social Comments plugin versions = 2.0.4 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with admin access can inject malicious scripts into the...
PT-2022-24039 · WordPress · Wpsmartcontracts
Name of the Vulnerable Software and Affected Versions: WPSmartContracts WordPress plugin versions prior to 1.3.12 Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploit...
PT-2022-21147 · WordPress · Advanced Comment Form
Name of the Vulnerable Software and Affected Versions: Advanced Comment Form WordPress plugin versions prior to 1.2.1 Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and...
PT-2022-16549 · WordPress · Dw Promobar
Name of the Vulnerable Software and Affected Versions: DW Promobar WordPress plugin versions 1.0.0 through 1.0.4 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks when the unfiltered html capability is disallowed, for example in a...