CVE-2023-45060

Cross-Site Request Forgery CSRF vulnerability in Fla-shop.Com Interactive World Map plugin = 3.2.0 versions...

CVE-2023-40556

Cross-Site Request Forgery CSRF vulnerability in Greg Ross Schedule Posts Calendar plugin = 5.2 versions...

CVE-2023-40008

Cross-Site Request Forgery CSRF vulnerability in Gangesh Matta Simple Org Chart plugin = 2.3.4 versions...

CVE-2023-40210

Cross-Site Request Forgery CSRF vulnerability in Sean Barton Tortoise IT SB Child List plugin = 4.5 versions...

CVE-2023-40681

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Groundhogg Inc. Groundhogg plugin = 2.7.11.10 versions...

CVE-2023-45769

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Alex Raven WP Report Post plugin = 2.1.2 versions...

CVE-2023-45006

Unauth. Reflected Cross-Site Scripting XSS vulnerability in ByConsole WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location plugin = 2.4.6 versions...

CVE-2023-40667

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Lasso Simple URLs plugin = 117 versions...

CVE-2025-13753

CVE-2025-13753 refers to the WP Table Builder – Drag & Drop Table Builder plugin for WordPress. The issue is an incorrect authorization check on save_table() , enabling authenticated users with Subscriber+ privileges to create new wptb-table posts in versions up to and including 2.0.19. The Wordf...

CVE-2025-68890

CVE-2025-68890 is a DOM-based XSS in the hands01 e-shops e-shops-cart2 plugin (WordPress) caused by improper input neutralization during web-page generation, affecting versions from n/a through

CVE-2025-68891 WordPress WP App Bar plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ryan Sutana WP App Bar wp-app-bar allows Reflected XSS.This issue affects WP App Bar: from n/a through = 1.5...

CVE-2025-23504 WordPress Felan Framework plugin <= 1.1.3 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in RiceTheme Felan Framework felan-framework allows Authentication Abuse.This issue affects Felan Framework: from n/a through = 1.1.3...

WordPress plugin Flaming Password Reset 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2022-27856

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in Atlas Gondal Export All URLs plugin = 4.1 versions...

CVE-2025-11877 User Activity Log <= 2.2 - Unauthenticated Limited Options Update via Failed Login

The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ualshookwploginfailed' lacks a capability check and writes failed usernames directly into updateoption calls. This makes it possible for unauthenticated attacker...

WordPress plugin Premmerce WooCommerce Customers Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-31642 WordPress WPCHURCH plugin <= 2.7.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dasinfomedia WPCHURCH allows Reflected XSS.This issue affects WPCHURCH: from n/a through 2.7.0...

CVE-2025-32304 WordPress WPCHURCH plugin <= 2.7.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mojoomla WPCHURCH allows PHP Local File Inclusion.This issue affects WPCHURCH: from n/a through 2.7.0...

CVE-2025-69359 WordPress Creator LMS plugin <= 1.1.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPFunnels Creator LMS creatorlms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Creator LMS: from n/a through = 1.1.12...

CVE-2025-69085 WordPress JobBank plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e-plugins JobBank jobbank allows Reflected XSS.This issue affects JobBank: from n/a through = 1.2.2...