WordPress plugin Private WP suite 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-34316

The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login link shortcode in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the 'prefix' attribute. This makes it possible for...

PT-2026-34309

Name of the Vulnerable Software and Affected Versions Google PageRank Display versions prior to 1.5 Description Cross-Site Request Forgery occurs due to missing nonce validation in the gpdisplay option function, which manages the plugin settings page. The settings form lacks a wp nonce field, and...

WordPress plugin HTTP Headers 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. Versions of...

WordPress Private WP suite plugin <= 0.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Private WP suite versions = 0.4.1...

WordPress plugin Email Encoder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

WordPress plugin Riaxe Product Customizer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2026-6372 WordPress Accept Cryptocurrencies with Plisio plugin <= 2.0.5 - Payment Bypass vulnerability

Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept Cryptocurrencies with Plisio: from n/a through 2.0.5...

CVE-2025-15636

CVE-2025-15636 concerns the WordPress plugin YouTube Showcase (versions up to 3.5.1). The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during page generation, enabling injected scripts to run in the context of users viewing the affected pag...

CVE-2026-40734 WordPress Categories Images plugin <= 3.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zahlan Categories Images categories-images allows DOM-Based XSS.This issue affects Categories Images: from n/a through = 3.3.1...

WordPress Avada (Fusion) Builder plugin <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution vulnerability

Authenticated Subscriber+ Limited Arbitrary WordPress Action Execution vulnerability discovered by Webbernaut in WordPress Plugin Fusion Builder versions = 3.15.1...

WordPress BlockArt Blocks plugin <= 2.2.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'clientId' Block Attribute vulnerability

Authenticated Author+ Stored Cross-Site Scripting via 'clientId' Block Attribute vulnerability discovered by WordFence in WordPress Plugin BlockArt Blocks versions = 2.2.15...

SUSE CVE-2026-35204

Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm to write the contents of the plugin to an arbitrary filesystem location. To prevent this, validate that the plugin.yaml of the Helm plugin does not...

WordPress ProSolution WP Client plugin <= 1.9.9 - Unauthenticated Arbitrary File Upload via proSol_fileUploadProcess vulnerability

Unauthenticated Arbitrary File Upload via proSolfileUploadProcess vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin ProSolution WP Client versions = 1.9.9...

EUVD-2026-20846

The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This makes it possible f...

CVE-2026-39708 WordPress UiCore Elements plugin <= 1.3.14 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through = 1.3.14...

CVE-2026-39663

WordPress plugin TrueBooker (truebooker-appointment-booking) for the WordPress plugin “TrueBooker” is affected by CVE-2026-39663 with a broken access control vulnerability due to missing authorization. Affected scope includes TrueBooker versions up to and including 1.1.5. The vulnerability arises...

CVE-2026-39660

...

CVE-2026-39652 WordPress iGMS Direct Booking plugin <= 1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iGMS Direct Booking: from n/a through = 1.3...

CVE-2026-39630 WordPress Getty Images plugin <= 4.1.0 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through = 4.1.0...