CVE-2026-31917 WordPress WP ERP plugin <= 1.16.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through = 1.16.10...

WordPress plugin WPC Smart Wishlist for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress Booktics plugin <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints vulnerability

Missing Authorization to Get Items via REST API endpoints vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Booktics versions = 1.0.16...

WordPress Themify Event Post plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Themify Event Post versions = 1.3.4...

WordPress Elementor Website Builder plugin <= 3.35.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by davidfdzmorilla in WordPress Plugin Elementor Website Builder versions = 3.35.5...

CVE-2026-28133

CVE-2026-28133 describes an Unrestricted Upload of a File with a Dangerous Type vulnerability in the WP Chill Filr filr-protection plugin, enabling an attacker to upload a Web Shell to the server. Affected product/component: Filr (filr-protection) versions up to and including 1.2.14. The CVSS v3....

CVE-2026-28114

CVE-2026-28114 is a vulnerability in the WordPress plugin WooCommerce License Manager (fs-license-manager) affecting versions up to and including 7.0.6. It is an Arbitrary File Upload (Unrestricted Upload of File with Dangerous Type) that can enable a Web Shell upload to the web server. Attack re...

CVE-2026-27373

CVE-2026-27373 : WordPress Tablesome plugin (Tablesome) &lt;= 1.2.3 has an SQL Injection vulnerability due to improper neutralization of special elements, enabling Blind SQL Injection. Affected product/version: Tablesome specified as &lt;= 1.2.3; root cause: improper sanitization of SQL queries; ...

CVE-2025-69340

CVE-2025-69340 is a Missing Authorization vulnerability in the WordPress plugin WeDesignTech Ultimate Booking Addon (versions up to 1.0.3). The issue enables improper access control (broken/unauthorized access) with a CVSS v3.1 base score of 7.5 (HIGH) and network attack vector with no user inter...

CVE-2025-68515 WordPress WP Booking System plugin <= 2.0.19.12 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Roland Murg WP Booking System wp-booking-system allows Retrieve Embedded Sensitive Data.This issue affects WP Booking System: from n/a through = 2.0.19.12...

WordPress plugin Dentario 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

WordPress User Registration & Membership plugin <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration vulnerability

Unauthenticated Privilege Escalation via Membership Registration vulnerability discovered by Foxyyy in WordPress Plugin User Registration versions = 5.1.2...

CVE-2026-1542 Super Stage WP <= 1.0.1 - Unauthenticated PHP Object Injection

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

WordPress plugin wpForo Forum 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The wpFo...

CVE-2024-10938

The provided connected document identifies a concrete issue: WordPress OVRI Payment Plugin version 1.7.0 contains a Malicious .htaccess directive vulnerability. The vulnerability was reported/discovered by Marco Wotschka (Wordfence) per Patchstack. The available sources do not specify the exact r...

WordPress Xpro Addons - 140+ Widgets for Elementor plugin <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Scroller Widget box link vulnerability

WordPress Xpro Addons - 140+ Widgets for Elementor plugin = 1.4.24 - Authenticated Contributor+ Stored Cross-Site Scripting via Image Scroller Widget box link vulnerability discovered by zer0gh0st in WordPress Plugin Xpro Elementor Addons versions = 1.4.24...

WordPress plugin uListing 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin Disable Admin Notices – Hide Dashboard Notifications 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-69384 WordPress Timeline Event History plugin <= 3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdiscover Timeline Event History timeline-event-history allows Reflected XSS.This issue affects Timeline Event History: from n/a through = 3.2...

CVE-2025-69375 WordPress Portfolio Builder plugin <= 1.2.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SolverWp Portfolio Builder swp-portfolio allows PHP Local File Inclusion.This issue affects Portfolio Builder: from n/a through = 1.2.5...