
11 matches found

Positive Technologies
added 2026/04/22 12:0 a.m. | 1 views

PT-2026-34309

Name of the Vulnerable Software and Affected Versions: Google PageRank Display versions prior to 1.5. Description: Cross-Site Request Forgery occurs due to missing nonce validation in the gpdisplay option function, which manages the plugin settings page. The settings form lacks a wp nonce field, and...

4.3 CVSS | 5.2 AI score | 0.0001 EPSS
Exploits 0 | References 10

CVE
added 2026/01/23 2:29 p.m. | 9 views

CVE-2026-24624

CVE-2026-24624 pertains to WordPress Neoforum plugin with SAEROS1984 Neoforum: SQL injection allowing Blind SQL Injection in Neoforum versions up to 1.0. Public risk details mention affected product and vulnerability type; no patch/version fix details are provided in the connected documents.

7.6 CVSS | 5.6 AI score | 0.00017 EPSS
Exploits 0 | References 1

CVE
added 2025/12/20 3:20 a.m. | 11 views

CVE-2025-14734

CVE-2025-14734 concerns the Amazon affiliate lite Plugin for WordPress. The vulnerability is a Cross-Site Request Forgery (CSRF) affecting all versions up to 1.0.0, caused by missing or incorrect nonce validation in the ADAL_settings_page function. This enables unauthenticated attackers to update...

5.4 CVSS | 4.9 AI score | 0.00014 EPSS
Exploits 0 | References 2

Patchstack
added 2025/01/16 6:43 p.m. | 4 views

WordPress iSpring Embedder plugin <= 1.0 - CSRF to Arbitrary File Upload vulnerability

CSRF to Arbitrary File Upload vulnerability discovered by Colin Xu in WordPress Plugin iSpring Embedder versions <= 1.0...

10 CVSS | 7 AI score | 0.03721 EPSS
Exploits 2 | Affected Software 1

CNNVD
added 2024/11/20 12:0 a.m. | 1 views

WordPress plugin Xpresslane Fast Checkout Plugin code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

9.8 CVSS | 8.3 AI score | 0.00643 EPSS
Exploits 0 | References 1

Positive Technologies
added 2024/10/17 12:0 a.m. | 4 views

PT-2024-39924 · WordPress · Parallax Image

Name of the Vulnerable Software and Affected Versions: Parallax Image plugin for WordPress version 1.8 and earlier. Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's dd-parallax shortcode, allowing authenticated...

6.4 CVSS | 7.2 AI score | 0.00329 EPSS
Exploits 1 | References 9

OSV
added 2023/04/12 6:15 p.m. | 2 views

CVE-2023-30528

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it...

6.5 CVSS | 6.6 AI score
Exploits 0 | References 2

OSV
added 2022/06/30 5:15 a.m. | 1 views

CVE-2017-20124

A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has...

8.8 CVSS | 5.7 AI score
Exploits 0 | References 2

CNNVD
added 2021/08/16 12:0 a.m. | 0 views

WordPress plugin cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in...

6.1 CVSS | 5.9 AI score | 0.00099 EPSS
Exploits 2 | References 1

CNVD
added 2020/11/09 12:0 a.m. | 1 views

CloudBees Jenkins AWS Global Configuration Plugin Access Control Error Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release and testing projects and to run scheduled tasks. An access control error...

4.3 CVSS | 6.8 AI score | 0.00067 EPSS
Exploits 0 | References 1

CNVD
added 2019/09/17 12:0 a.m. | 1 views

WordPress zm-gallery plugin SQL injection vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in version 1.0 of the WordPress zm-gallery plugin. The vulnerability stem...

7.2 CVSS | 8.1 AI score | 0.2183 EPSS
Exploits 2 | References 1