CVE-2021-47870

GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting XSS vulnerability. The plugin attempts to sanitize user input using htmlspecialchars, but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary...

WordPress Hydra Booking plugin <= 1.1.32 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Hydra Booking versions = 1.1.32...

MiracleLinux 9 : containernetworking-plugins-1.4.0-6.el9_4 (AXSA:2024-8906:05)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8906:05 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

WordPress Plugin All-in-One Video Gallery Code Issues and Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress Wheel of Life plugin <= 1.2.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Wheel of Life versions = 1.2.0...

WordPress Gotham Block Extra Light plugin <= 1.5.0 - Authenticated (Contributor+) Arbitrary File Read via 'ghostban' Shortcode vulnerability

Authenticated Contributor+ Arbitrary File Read via 'ghostban' Shortcode vulnerability discovered by 0x34rth in WordPress Plugin Gotham Block Extra Light versions = 1.5.0...

PT-2026-2823

Name of the Vulnerable Software and Affected Versions Name Directory plugin for WordPress versions through 1.30.3 Description The Name Directory plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the name...

WordPress Testimonials Creator plugin 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Jochem Boender in WordPress Plugin Testimonials Creator versions 1.6...

PT-2026-2350

The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...

PT-2026-2624

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Lemonsoft WordPress add on allows Cross-Site Scripting XSS.This issue affects WordPress add on: 2025.7.1...

CVE-2025-14976

CVE-2025-14976 : The WordPress plugin “User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder” is affected by Cross-Site Request Forgery due to missing/incorrect nonce validation in process_row_actions f...

CVE-2025-22728

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech Workreap theme's plugin workreap allows SQL Injection.This issue affects Workreap theme's plugin: from n/a through = 3.3.6...

CVE-2023-31077

Cross-Site Request Forgery CSRF vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin = 2.1.9 versions...

CVE-2022-0150

The WP Accessibility Helper WAH WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue...

CVE-2017-18499

The simple-membership plugin before 3.5.7 for WordPress has XSS...

CVE-2023-25481

Cross-Site Request Forgery CSRF vulnerability in Podlove Podlove Subscribe button plugin = 1.3.7 versions...

CVE-2023-25986

Cross-Site Request Forgery CSRF vulnerability in WattIsIt PayGreen – Ancienne version plugin = 4.10.2 versions...

CVE-2023-25798

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Olevmedia Olevmedia Shortcodes plugin = 1.1.9 versions...

CVE-2023-25978

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Nate Reist Protected Posts Logout Button plugin = 1.4.5 versions...

CVE-2023-45063

Cross-Site Request Forgery CSRF vulnerability in ReCorp AI Content Writing Assistant Content Writer, GPT 3 & 4, ChatGPT, Image Generator All in One plugin = 1.1.5 versions...