1698 matches found
CVE-2024-11635
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfuABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server...
CVE-2025-22794 WordPress World Cup Predictor Plugin <= 1.9.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Landoweb Programador World Cup Predictor allows Reflected XSS. This issue affects World Cup Predictor: from n/a through 1.9.6...
WordPress Songkick Concerts and Festivals plugin <= 0.9.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Pham Van Tam in WordPress Plugin Songkick Concerts and Festivals versions <= 0.9.7...
WordPress Alert Box Block plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Pham Van Tam (Patchstack Alliance) in WordPress Plugin Alert Box Block – Display notice/alerts in the front end versions <= 1.1.0...
CVE-2025-22703 WordPress Forge – Front-End Page Builder plugin <= 1.4.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge – Front-End Page Builder forge allows Stored XSS. This issue affects Forge – Front-End Page Builder: from n/a through <= 1.4.6...
CVE-2025-22688
CVE-2025-22688 affects WordPress plugin Unlimited Page Sidebars (versions
WordPress plugin .TUBE Video Curator cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Powerful Auto Chat cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
WordPress SW Plus Plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin SW Plus versions <= 2.1...
WordPress UniTimetable plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin UniTimetable versions <= 1.1...
WordPress MagicForm - WordPress Form Builder plugin <= 1.6.2 - Missing Authorization vulnerability
WordPress MagicForm - WordPress Form Builder plugin <= 1.6.2 - Missing Authorization vulnerability discovered by Lucio Sá in WordPress Plugin MagicForm versions <= 1.6.2...
WordPress Botnet Attack Blocker plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin Botnet Attack Blocker versions <= 2.0.0...
CVE-2025-24609 WordPress PORTONE 우커머스 결제 Plugin <= 3.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PORTONE PORTONE 우커머스 결제 iamport-for-woocommerce allows Reflected XSS. This issue affects PORTONE 우커머스 결제: from n/a through <= 3.2.4...
CVE-2025-23759
CVE-2025-23759 is a reflected XSS vulnerability in the WordPress plugin Affiliate Tools Việt Nam (Leduchuy89VN) affecting versions up to 0.3.17. The issue stems from improper neutralization of input during web page generation. CVSS 3.1 base score 7.1 (HIGH) with network access, no privileges, and...
CVE-2025-23976 WordPress Issuu Panel plugin <= 2.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in operationsissuu Issuu Panel issuu-panel allows Stored XSS. This issue affects Issuu Panel: from n/a through <= 2.1.1...
WordPress plugin User Messages security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin SKT Donation cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress Single-user-chat plugin <= 0.5 - Authenticated (Subscriber+) Limited Options Update vulnerability
Authenticated (Subscriber+) Limited Options Update vulnerability discovered by Colin Xu in WordPress Plugin Single-user-chat versions <= 0.5...
CVE-2024-12709
The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2025-24671
Deserialization of Untrusted Data vulnerability in Pdfcrowd Dev Team Save as PDF save-as-pdf-by-pdfcrowd allows Object Injection. This issue affects Save as PDF: from n/a through <= 4.4.0...