WordPress WP-Polls plugin <= 2.77.2 - Unauthenticated SQL Injection to Stored Cross-Site Scripting vulnerability

Unauthenticated SQL Injection to Stored Cross-Site Scripting vulnerability discovered by Jack Taylor in WordPress Plugin WP-Polls versions = 2.77.2...

CVE-2024-12071 Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletenetworkpost function in all versions up to, and including, 1.4.4. This makes it possible for...

Photon OS 5.0: Rsync PHSA-2025-5.0-0447

An update of the rsync package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0447. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2025-23872 WordPress PayForm plugin <= 2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in payform PayForm payform allows Stored XSS.This issue affects PayForm: from n/a through = 2.0...

CVE-2025-23871

CVE-2025-23871 is a CSRF vulnerability in the LSD Google Maps Embedder. Public description indicates it affects versions up to 1.1, but the connected Red Hat entry only reiterates the CSRF issue without listing an available patch or fixed version. No exploits, mitigation steps, or precise remedia...

CVE-2025-23689 WordPress Blogger Image Import plugin <= 2.1 - CSRF to Stored XSS vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Poco Blogger Image Import allows Stored XSS.This issue affects Blogger Image Import: from 2.1 through n/a...

CVE-2025-23649 WordPress Auphonic Importer plugin <= 1.5.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Kreg Steppe Auphonic Importer auphonic-importer allows Stored XSS.This issue affects Auphonic Importer: from n/a through = 1.5.1...

CVE-2025-23660 WordPress MFPlugin plugin <= 1.3 - CSRF to Cross-Site Scripting vulnerability

Cross-Site Request Forgery CSRF vulnerability in Walter Cerrudo MFPlugin allows Stored XSS.This issue affects MFPlugin: from n/a through 1.3...

CVE-2025-23537 WordPress add custom google tag manager plugin <= 1.0.3 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery CSRF vulnerability in Oren hahiashvili add custom google tag manager allows Stored XSS.This issue affects add custom google tag manager: from n/a through 1.0.3...

WordPress iSpring Embedder plugin <= 1.0 - CSRF to Arbitrary File Upload vulnerability

CSRF to Arbitrary File Upload vulnerability discovered by Colin Xu in WordPress Plugin iSpring Embedder versions = 1.0...

WordPress Group category creator plugin <= 1.3.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by thiennv in WordPress Plugin Group category creator versions = 1.3.0.3...

WordPress Userbase Access Control plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Userbase Access Control versions = 1.0...

WordPress Database Sync plugin <= 0.5.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Mika in WordPress Plugin Database Sync versions = 0.5.1...

WordPress Live Dashboard plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Live Dashboard versions = 0.3.3...

WordPress Stars SMTP Mailer plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Muhamad Agil Fachrian in WordPress Plugin Stars SMTP Mailer versions = 1.7...

WordPress Wp-Scribd-List plugin <= 1.2 - CSRF to XSS vulnerability

CSRF to XSS vulnerability discovered by Joshua Chan in WordPress Plugin Wp-Scribd-List versions = 1.2...

WordPress plugin HTTP to HTTPS link changer by Eyga.net 跨站请求伪造漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin HTTP to HTTPS link changer by...

WordPress plugin Winning Portfolio 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Web Push 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

WordPress plugin GravatarLocalCache 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...