1744 matches found
Export WP Page to Static HTML <= 4.3.4 - Cookie Exposure
Export WP Page to Static HTML & PDF WordPress plugin = 4.3.4 contains a sensitive information exposure caused by publicly exposed cookies.txt files with authentication cookies, letting unauthenticated attackers access sensitive authentication data, exploit requires site administrator to trigger...
Giga Messenger WordPress - Cross-Site Scripting
Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...
WordPress Themify Builder < 7.5.8 - Open Redirect
The Themify Builder WordPress plugin before version 7.5.8 contains an open redirect vulnerability. The plugin does not validate the tbredirectfail parameter before redirecting users to its value, which could allow attackers to redirect users to malicious websites. id: CVE-2024-3032 info: name:...
CVE-2026-57763
CVE-2026-57763 affects the WordPress Structured Content plugin (versions ≤ 1.7.0). The description notes a Contributor Cross Site Scripting (XSS) vulnerability; the provided documents do not specify the exact root cause, impacted file(s), or remediation steps.
CVE-2026-57755 WordPress Mosaic Gallery – Advanced Gallery plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting XSS in Mosaic Gallery Advanced Gallery = 1.2.0 versions...
CVE-2026-57751 WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in Heateor Social Login = 1.1.39 versions...
CVE-2026-57354
The CVE-2026-57354 entry describes a Subscriber Cross Site Scripting (XSS) vulnerability in the WordPress JetReviews plugin limited to versions
WordPress SportsPress Pro plugin <= 2.7.29 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by w41bu1 in WordPress Plugin SportsPress Pro versions = 2.7.29...
WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.14.1 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by suyoung kimAhnLab - AhnLab in WordPress Plugin Ninja Forms versions = 3.14.1...
CVE-2026-9576
CVE-2026-9576 affects the Fluent Booking WordPress plugin (versions before 2.1.2). The vulnerability arises from not verifying ownership of the requested group_id before exporting attendees data via the export endpoint, allowing users with at least the Calendar Manager role to access attendees’ P...
CVE-2026-57656 WordPress Hester Core plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability
Author Cross Site Scripting XSS in Hester Core = 1.1.8 versions...
CVE-2026-57653
CVE-2026-57653 describes a SQL Injection vulnerability in the WordPress plugin WP Job Portal (versions
CVE-2026-57652 WordPress JS Help Desk plugin <= 3.1.0 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in JS Help Desk = 3.1.0 versions...
CVE-2026-57313
CVE-2026-57313 concerns a Subscriber XSS vulnerability in the WordPress plugin SureCart up to version 4.2.2 . The public records describe an XSS issue affecting subscribers, but do not provide concrete exploit scenarios, affected subcomponents, or a detailed root cause beyond the general class of...
CVE-2026-56067
CVE-2026-56067 affects WordPress JetSmartFilters plugin versions up to and including 3.8.3. The vulnerability is an unauthenticated SQL Injection in JetSmartFilters (plugin/WP integration). The root cause, as stated in the sources, is a SQL injection flaw that can be exploited without authenticat...
CVE-2026-56039
The provided connected sources confirm a vulnerability in the WordPress Quick Interest Slider plugin, version
CVE-2026-24547
The vulnerability CVE-2026-24547 affects the WordPress SiteGround Email Marketing plugin (versions up to and including 1.7.5). It is described as Unauthenticated Broken Access Control, indicating that an attacker could access restricted functionality or data without authentication. The CVSS v3.1 ...
CVE-2026-57299
Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata...
CVE-2026-57298
CVE-2026-57298: A CSRF in the Jenkins Contrast Continuous Application Security Plugin (version 3.11 and earlier) allows an attacker to cause Jenkins to access an attacker-specified URL using attacker-specified username, API key, and service key. Affected: Jenkins Contrast Continuous Application S...
WordPress Uncanny Automator plugin <= 7.3.1.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin Uncanny Automator versions = 7.3.1.2...