CVE-2025-69375 WordPress Portfolio Builder plugin <= 1.2.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SolverWp Portfolio Builder swp-portfolio allows PHP Local File Inclusion.This issue affects Portfolio Builder: from n/a through = 1.2.5...

CVE-2025-69377

CVE-2025-69377 : WordPress WordPress User Extra Fields plugin (wp-user-extra-fields)

CVE-2025-68855

CVE-2025-68855 relates to the WordPress plugin JobBoard Job listing (job-board-light) , affected up to version 1.2.8 . The issue is described as an Insertion of Sensitive Information Into Sent Data which enables retrieval of embedded sensitive data, exposing confidential information. Root cause d...

CVE-2025-68852 WordPress Court Reservation plugin <= 1.10.13 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reservation: from n/a through = 1.10.13...

CVE-2025-68002

CVE-2025-68002 affects WordPress plugin Open User Map (&lt;= 1.4.16). The issue is path traversal allowing arbitrary file download. Wordfence reports this as an active vulnerability with patched status; PatchStack notes the vulnerability as Open User Map

CVE-2025-67971

CVE-2025-67971 is a Reflected Cross-Site Scripting vulnerability in FluentCart (WPManageNinja FluentCart fluent-cart) affecting versions before 1.3.0. The CVE entry lists a CVSS v3.1 base score of 7.1 (HIGH) with NETWORK attack vector, LOW impact on confidentiality/integrity/availability, and UI ...

CVE-2024-50555

CVE-2024-50555 : Affected product is Elementor Website Builder (WordPress) up to version 3.29.0. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw arising from improper input neutralization during web page generation. Multiple connected sources confirm the same issue and list the affe...

CVE-2024-50555 WordPress Elementor Website Builder plugin <= 3.29.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Website Builder: from n/a through = 3.29.0...

CVE-2024-54222

CVE-2024-54222 affects the WordPress Seraphinite Accelerator plugin (seraphinite-accelerator) with versions up to 2.22.15. The Red Hat and NVD entries confirm a Missing Authorization vulnerability that permits retrieval of embedded sensitive data from the Seraphinite Accelerator component. The ri...

WordPress plugin Zota 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin aDirectory 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

CVE-2026-27057 WordPress Penci Filter Everything plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows Stored XSS.This issue affects Penci Filter Everything: from n/a through = 1.7...

CVE-2026-25453 WordPress Advanced iFrame plugin <= 2025.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through = 2025.10...

CVE-2026-25409 WordPress JAMstack Deployments plugin <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in crgeary JAMstack Deployments wp-jamstack-deployments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JAMstack Deployments: from n/a through = 1.1.1...

CVE-2026-25362 WordPress FooGallery plugin <= 3.1.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FooPlugins FooGallery foogallery allows Stored XSS.This issue affects FooGallery: from n/a through = 3.1.11...

CVE-2026-23805 WordPress Media Search Enhanced plugin <= 0.9.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection.This issue affects Media Search Enhanced: from n/a through = 0.9.1...

CVE-2026-24392

CVE-2026-24392 concerns a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress HurryTimer plugin (versions

CVE-2025-12707 Library Management System <= 3.2.1 - Unauthenticated SQL Injection

The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

WordPress plugin iXML 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin XO Event Calendar 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...