18 matches found
CVE-2020-37071
CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download...
WordPress plugin VNPAY Payment gateway cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-39718
Name of the Vulnerable Software and Affected Versions: Professional Contact Form plugin for WordPress versions prior to 1.0.1 Description: The Professional Contact Form plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of proper nonce validation within the...
CVE-2025-5060
The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebookajaxlogincallback. This makes it possible for...
CVE-2025-53221 WordPress CodeablePress plugin <= 1.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in codeablepress CodeablePress codeablepress-simple-frontend-profile-picture-upload allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CodeablePress: from n/a through <= 1.0.2...
CVE-2025-52794 WordPress Creative Contact Form plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Creative-Solutions Creative Contact Form sexy-contact-form allows Stored XSS. This issue affects Creative Contact Form: from n/a through <= 1.0.0...
WordPress plugin Likes and Dislikes Plugin SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
CVE-2023-32589
Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions...
CVE-2023-24372
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB Memory Direct Simple Custom Author Profiles plugin <= 1.0.0 versions...
WordPress plugin Doctor Appointment Booking security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
PT-2025-1988 · WordPress · Dyn Business Panel
Name of the Vulnerable Software and Affected Versions: Dyn Business Panel WordPress plugin version 1.0.0 Description: The issue arises from the plugin not sanitizing and escaping a parameter before outputting it back in the page. This leads to a Reflected Cross-Site Scripting that could be used...
WordPress plugin Unseen Blog code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2023-28622
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Trident Technolabs Easy Slider Revolution plugin <= 1.0.0 versions...
PT-2022-24842 · WordPress · Buddybadges
Name of the Vulnerable Software and Affected Versions: buddybadges WordPress plugin versions 1.0.0 and earlier Description: The issue is related to a SQL injection that occurs because a parameter is not properly sanitised and escaped before being used in a SQL statement. This can be exploited by...
PT-2021-23883 · Jenkins · Jenkins Squash Tm Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Squash TM Publisher (Squash4Jenkins) Plugin versions 1.0.0 and earlier Description: The issue allows attackers who can control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled...
WordPress wp-whois-domain plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in version 1.0.0 of the WordPress wp-whois-domain plugin. The...
WordPress rss-feed-post-generator-echo 1.0.0 Database Disclosure
Exploit Title : WordPress rss-feed-post-generator-echo Plugins 1.0.0 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 03/12/2018 Vendor Homepage : wordpress.org/plugins/echo-rss-feed-post-generator-free-version/ +...