WordPress plugin GDReseller 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...

CVE-2025-22731

CVE-2025-22731 concerns a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Build Private Store For Woocommerce (artifact name silverplugins217). Affected are versions n/a through 1.0. The available documents describe the issue as CSRF in this plugin but do not provide explo...

CVE-2025-22793 WordPress Bold pagos en linea Plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bold Bold pagos en linea bold-pagos-en-linea allows DOM-Based XSS.This issue affects Bold pagos en linea: from n/a through = 3.1.4...

WordPress plugin SEO Bulk Editor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin WR Price List Manager For Woocommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in t...

WordPress plugin Neon Product Designer SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

WordPress plugin WP News Sliders 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress WebToffee WP Backup and Migration plugin <= 1.5.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by savphill in WordPress Plugin WordPress Backup & Migration versions = 1.5.3...

WordPress plugin Site PIN 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2024-11635 WordPress File Upload <= 4.24.12 - Unuathenticated Remote Code Execution

The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfuABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server...

CVE-2025-22502

CVE-2025-22502 describes an SQL Injection vulnerability in Mindvalley MindValley Super PageMash. The initial description states an improper neutralization of special elements used in SQL commands, enabling injection. The vulnerability is linked to MindValley Super PageMash versions from n/a up to...

CVE-2025-22572 WordPress Legacy ePlayer plugin <= 0.9.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brian Legacy ePlayer sportspress-tv allows Stored XSS.This issue affects Legacy ePlayer: from n/a through = 0.9.9...

CVE-2025-22297 WordPress AI WP Writer plugin <= 3.8.4.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in aipost AI WP Writer ai-wp-writer allows Cross Site Request Forgery.This issue affects AI WP Writer: from n/a through = 3.8.4.4...

CVE-2025-22316 WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5.1...

CVE-2025-22325

CVE-2025-22325 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Autocompleter plugin by Nik Chankov that permits a Stored XSS. Public records indicate the flaw affects Autocompleter versions from unknown up to 1.3.5.2. The root cause, as stated, is CSRF enabling Stored XSS, but ...

WordPress Croma Music plugin <= 3.6 - Authenticated (Subscriber+) Arbitrary Options Update in ironMusic_ajax vulnerability

Authenticated Subscriber+ Arbitrary Options Update in ironMusicajax vulnerability discovered by Tonn in WordPress Plugin Croma Music versions = 3.6...

WordPress plugin Marketplace Items 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

WordPress plugin Saoshyant Page Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Social Rocket plugin <= 1.3.4 - Missing Authorization to Settings Update vulnerability

Missing Authorization to Settings Update vulnerability discovered by WordFence in WordPress Plugin Social Rocket versions = 1.3.4...

WordPress WP Youtube Gallery plugin <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via id Parameter vulnerability discovered by SOPROBRO in WordPress Plugin WP Youtube Gallery versions = 1.9...