1698 matches found
PT-2024-38637 · WordPress · Simple Headline Rotator
Name of the Vulnerable Software and Affected Versions: The Simple Headline Rotator WordPress plugin version 1.0 Description: The issue is related to the lack of CSRF checks in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add Store...
PT-2024-38531 · WordPress · Logo Slider
Name of the Vulnerable Software and Affected Versions: The Logo Slider WordPress plugin versions prior to 3.6.9 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example i...
CVE-2024-7891
The Floating Contact Button WordPress plugin before 2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
WordPress plugin Tutor LMS cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2024-38536 · WordPress · Html5 Video Player
Name of the Vulnerable Software and Affected Versions: HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress versions up to, and including, 2.5.32 Description: The issue is related to unauthorized access of data due to a missing capability check on multiple functions called...
WordPress LiteSpeed Cache plugin < 6.5.0.1 - Unauthenticated Account Takeover via Cookie Leak vulnerability
Unauthenticated Account Takeover via Cookie Leak vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin LiteSpeed Cache versions < 6.5.0.1...
WordPress Front End Users plugin <= 3.2.28 - Authenticated (Contributor+) Time-Based SQL Injection vulnerability
Authenticated (Contributor+) Time-Based SQL Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin Front End Users versions <= 3.2.28...
WordPress plugin EmbedPress cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...
WordPress plugin Viral Signup security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Reviews Feed security vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Favicon Generator plugin <= 1.5 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by Marco Wotschka in WordPress Plugin Favicon Generator versions <= 1.5...
WordPress plugin Ultimate Membership Pro cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress E2Pdf – Export To Pdf Tool for WordPress plugin <= 1.25.05 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin e2pdf versions <= 1.25.05...
WordPress WooCommerce - Social Login plugin <= 2.7.5 - Authentication Bypass to Account Takeover vulnerability
WordPress WooCommerce - Social Login plugin <= 2.7.5 - Authentication Bypass to Account Takeover vulnerability discovered by Truoc Phan in WordPress Plugin WooCommerce Social Login versions <= 2.7.5...
WordPress plugin WPSection path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
WordPress plugin Depicter Slider security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerabilit...
WordPress BSK Forms Blacklist plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin BSK Forms Blacklist versions <= 3.8...
WordPress Participants Database plugin <= 2.5.9.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin Participants Database versions <= 2.5.9.2...
WordPress plugin CRM Perks Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Zephyr Project Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...