1698 matches found

Cvelist
added 2025/03/26 2:40 p.m., 10 views

CVE-2025-26941 WordPress Church Admin plugin <= 5.0.18 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in andymoyle Church Admin church-admin allows SQL Injection. This issue affects Church Admin: from n/a through <= 5.0.18...

9.3 CVSS, 0.00067 EPSS
Exploits: 0, References: 1
CVE
added 2025/03/26 11:55 a.m., 49 views

CVE-2025-1911

CVE-2025-1911 (Product Import Export for WooCommerce – Import Export Product CSV Suite, WordPress). The vulnerability arises from insufficient file path validation in the admin_log_page() function, allowing a directory traversal to occur. This enables an authenticated attacker with Administrator...

6.5 CVSS, 7 AI score, 0.00098 EPSS
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2025/03/25 6:00 a.m., 54 views

CVE-2024-11272

CVE-2024-11272 affects the WordPress plugin Contact Form & SMTP Plugin for WordPress by PirateForms (versions before 2.6.0). The root cause is lack of sanitization and escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed ...

6.1 CVSS, 5.9 AI score, 0.00159 EPSS
Exploits: 1, References: 1, Affected Software: 1
Packet Storm
added 2025/03/25 12:00 a.m., 238 views

WordPress Iron Security 2.2.3 IP Spoofing

WordPress Iron Security plugin versions 2.2.3 and below suffer from a source IP spoofing vulnerability. Wordpress Plugin Iron Security - IP Spoofing Exploit Author: bRpsd | cyatlive.no Date: March 20, 2025 Product: https://wordpress.org/plugins/iron-security/ Version: 2.2.3 and below CVE : N/A...

7.3 AI score
Exploits: 0
Vulnrichment
added 2025/03/24 1:47 p.m., 6 views

CVE-2025-30620 WordPress WP Odoo Form Integrator plugin <=1.1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in coderscom WP Odoo Form Integrator wp-odoo-form-integrator allows Stored XSS. This issue affects WP Odoo Form Integrator: from n/a through <= 1.1.0...

7.1 CVSS, 7.3 AI score, 0.00064 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/03/24 1:47 p.m., 5 views

CVE-2025-30604 WordPress JiangQie Official Website Mini Program plugin <= 1.8.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in jiangqie JiangQie Official Website Mini Program jiangqie-official-website-mini-program allows Blind SQL Injection. This issue affects JiangQie Official Website Mini Program: from n/a through <= 1.8.2...

7.6 CVSS, 7.4 AI score, 0.00054 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/03/24 1:47 p.m., 4 views

CVE-2025-30587 WordPress LH OGP Meta plugin <= 1.73 - CSRF to Stored XSS Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in shawfactor LH OGP Meta lh-ogp-meta-tags allows Stored XSS. This issue affects LH OGP Meta: from n/a through <= 1.73...

7.1 CVSS, 7.3 AI score, 0.0016 EPSS
Exploits: 0, References: 1
Patchstack
added 2025/03/24 1:29 p.m., 1 views

WordPress GMO Font Agent plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by theviper17 in WordPress Plugin GMO Font Agent versions <= 1.6...

6.5 CVSS, 6.1 AI score, 0.00175 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2025/03/23 11:58 a.m., 1 views

WordPress Docpro plugin <= 2.0.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Docpro versions <= 2.0.1...

9.8 CVSS, 8.9 AI score, 0.0072 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2025/03/19 11:56 a.m., 2 views

WordPress Pixobe Cartography plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Pixobe Cartography versions <= 1.0.1...

7.1 CVSS, 7.6 AI score, 0.00112 EPSS
Exploits: 0, Affected Software: 1
CVE
added 2025/03/18 6:36 a.m., 80 views

CVE-2025-2262

CVE-2025-2262 – WordPress Logo Slider (GS-Logo-Slider) vulnerability: Affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation for WordPress, versions up to and including 3.7.3. The flaw arises from executing an action without proper validation before running...

7.3 CVSS, 7.4 AI score, 0.00322 EPSS
Exploits: 0, References: 5
CNNVD
added 2025/03/14 12:00 a.m., 1 views

WordPress plugin CiyaShop code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...

9.8 CVSS, 9.1 AI score, 0.00839 EPSS
Exploits: 0, References: 4
GithubExploit
added 2025/03/12 3:23 a.m., 389 views

Exploit for CVE-2025-28915

CVE-2025-28915 - WordPress ThemeEgg ToolKit Arbitrary File Upl...

9.1 CVSS, 8.1 AI score, 0.24852 EPSS
Exploits: 3
Patchstack
added 2025/03/11 9:47 p.m., 2 views

WordPress Post Read Time plugin <= 1.2.6 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan in WordPress Plugin Post Read Time versions <= 1.2.6...

5.9 CVSS, 7.1 AI score, 0.00219 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2025/03/11 9:40 p.m., 2 views

WordPress Builder for Contact Form 7 by Webconstruct plugin <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Builder for Contact Form 7 by Webconstruct versions <= 1.2.2...

8.8 CVSS, 9.1 AI score, 0.00134 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2025/03/11 9:39 p.m., 2 views

WordPress Maintenance Notice plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Maintenance Notice versions <= 1.0.6...

8.8 CVSS, 9.1 AI score, 0.00134 EPSS
Exploits: 0, Affected Software: 1
Cvelist
added 2025/03/11 9:01 p.m., 19 views

CVE-2025-28868 WordPress ZipList Recipe plugin <= 3.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ZipList ZipList Recipe ziplist-recipe-plugin allows Cross Site Request Forgery. This issue affects ZipList Recipe: from n/a through <= 3.1...

4.3 CVSS, 0.00134 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/03/11 9:00 p.m., 7 views

CVE-2025-28914 WordPress wordpress login form to anywhere plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ajay Sharma wordpress login form to anywhere wp-show-login-form allows Stored XSS. This issue affects wordpress login form to anywhere: from n/a through <= 0.2...

5.9 CVSS, 8.6 AI score, 0.00219 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/03/11 9:00 p.m., 9 views

CVE-2025-28902 WordPress Contact Form 7 Select Box Editor Button plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button contact-form-7-select-box-editor-button allows Cross Site Request Forgery. This issue affects Contact Form 7 Select Box Editor Button: from n/a through <= 0.6...

4.3 CVSS, 0.00152 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/03/11 9:00 p.m., 5 views

CVE-2025-28895 WordPress Custom top bar plugin <= 2.1 - Cross Site Request Forgery (CSRF) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Suman Biswas Custom top bar custom-top-bar allows Stored XSS. This issue affects Custom top bar: from n/a through <= 2.1...

7.1 CVSS, 8.6 AI score, 0.00112 EPSS
Exploits: 0, References: 1