1726 matches found
CVE-2025-22297 WordPress AI WP Writer plugin <= 3.8.4.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in aipost AI WP Writer ai-wp-writer allows Cross Site Request Forgery.This issue affects AI WP Writer: from n/a through = 3.8.4.4...
CVE-2025-22316 WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5.1...
CVE-2025-22325
CVE-2025-22325 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Autocompleter plugin by Nik Chankov that permits a Stored XSS. Public records indicate the flaw affects Autocompleter versions from unknown up to 1.3.5.2. The root cause, as stated, is CSRF enabling Stored XSS, but ...
WordPress Croma Music plugin <= 3.6 - Authenticated (Subscriber+) Arbitrary Options Update in ironMusic_ajax vulnerability
Authenticated Subscriber+ Arbitrary Options Update in ironMusicajax vulnerability discovered by Tonn in WordPress Plugin Croma Music versions = 3.6...
WordPress plugin Saoshyant Page Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Marketplace Items 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress Social Rocket plugin <= 1.3.4 - Missing Authorization to Settings Update vulnerability
Missing Authorization to Settings Update vulnerability discovered by WordFence in WordPress Plugin Social Rocket versions = 1.3.4...
WordPress WP Youtube Gallery plugin <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via id Parameter vulnerability discovered by SOPROBRO in WordPress Plugin WP Youtube Gallery versions = 1.9...
WordPress Chative Live chat and Chatbot plugin <= 1.1 - Cross-Site Request Forgery via add_chative_widget_action Function vulnerability
Cross-Site Request Forgery via addchativewidgetaction Function vulnerability discovered by Peter Thaleikis in WordPress Plugin Chative Live chat and Chatbot versions = 1.1...
CVE-2023-45045 WordPress WP Custom Widget area plugin <= 1.2.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in krozero WP Custom Widget area wp-custom-widget-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Widget area: from n/a through = 1.2.5...
CVE-2024-56034 WordPress Services updates for customers plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Irshad Services updates for customers allows Reflected XSS.This issue affects Services updates for customers: from n/a through 1.0...
WordPress AHAthat Plugin plugin <= 1.6 - Reflected XSS via REQUEST_URI vulnerability
Reflected XSS via REQUESTURI vulnerability discovered by Bob Matyas in WordPress Plugin AHAthat versions = 1.6...
WordPress plugin WP Word Count 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin 10WebAnalytics 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...
CVE-2024-56222 WordPress CodeBard Help Desk plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in CodeBard CodeBard Help Desk codebard-help-desk allows Cross Site Request Forgery.This issue affects CodeBard Help Desk: from n/a through = 1.1.1...
WordPress plugin WP Nice Loader 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site reques...
WordPress plugin Widget Options 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-10858 Jetpack 13.0-14.0 - Unauthenticated DOM-XSS
The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com...
WordPress BookingPress plugin <= 1.1.21 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated Contributor+ SQL Injection vulnerability discovered by shaman0x01 in WordPress Plugin BookingPress versions = 1.1.21...
WordPress plugin Advanced Google reCAPTCHA 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...