WordPress Database Sync plugin <= 0.5.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Mika in WordPress Plugin Database Sync versions = 0.5.1...

WordPress Live Dashboard plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Live Dashboard versions = 0.3.3...

WordPress Stars SMTP Mailer plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Muhamad Agil Fachrian in WordPress Plugin Stars SMTP Mailer versions = 1.7...

WordPress Wp-Scribd-List plugin <= 1.2 - CSRF to XSS vulnerability

CSRF to XSS vulnerability discovered by Joshua Chan in WordPress Plugin Wp-Scribd-List versions = 1.2...

WordPress plugin GravatarLocalCache 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

WordPress plugin Winning Portfolio 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin GDReseller 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...

WordPress plugin Web Push 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

WordPress plugin HTTP to HTTPS link changer by Eyga.net 跨站请求伪造漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin HTTP to HTTPS link changer by...

CVE-2025-22731

CVE-2025-22731 concerns a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Build Private Store For Woocommerce (artifact name silverplugins217). Affected are versions n/a through 1.0. The available documents describe the issue as CSRF in this plugin but do not provide explo...

CVE-2025-22793 WordPress Bold pagos en linea Plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bold Bold pagos en linea bold-pagos-en-linea allows DOM-Based XSS.This issue affects Bold pagos en linea: from n/a through = 3.1.4...

WordPress plugin WR Price List Manager For Woocommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in t...

WordPress plugin Neon Product Designer SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

WordPress plugin SEO Bulk Editor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin WP News Sliders 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress WebToffee WP Backup and Migration plugin <= 1.5.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by savphill in WordPress Plugin WordPress Backup & Migration versions = 1.5.3...

WordPress plugin Site PIN 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2024-11635 WordPress File Upload <= 4.24.12 - Unuathenticated Remote Code Execution

The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfuABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server...

CVE-2025-22502

CVE-2025-22502 describes an SQL Injection vulnerability in Mindvalley MindValley Super PageMash. The initial description states an improper neutralization of special elements used in SQL commands, enabling injection. The vulnerability is linked to MindValley Super PageMash versions from n/a up to...

CVE-2025-22572 WordPress Legacy ePlayer plugin <= 0.9.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brian Legacy ePlayer sportspress-tv allows Stored XSS.This issue affects Legacy ePlayer: from n/a through = 0.9.9...