WordPress plugin Dentario 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

WordPress User Registration & Membership plugin <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration vulnerability

Unauthenticated Privilege Escalation via Membership Registration vulnerability discovered by Foxyyy in WordPress Plugin User Registration versions = 5.1.2...

CVE-2026-1542 Super Stage WP <= 1.0.1 - Unauthenticated PHP Object Injection

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

WordPress plugin wpForo Forum 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The wpFo...

CVE-2024-10938

The CVE-2024-10938 entry concerns the OVRI Payment WordPress plugin (v1.7.0). The connected documents describe malicious ".htaccess" files included with the plugin that contain directives intended to block execution of certain scripts while permitting execution of selected malicious PHP files. If...

WordPress Xpro Addons - 140+ Widgets for Elementor plugin <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Scroller Widget box link vulnerability

WordPress Xpro Addons - 140+ Widgets for Elementor plugin = 1.4.24 - Authenticated Contributor+ Stored Cross-Site Scripting via Image Scroller Widget box link vulnerability discovered by zer0gh0st in WordPress Plugin Xpro Elementor Addons versions = 1.4.24...

WordPress plugin uListing 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin Disable Admin Notices – Hide Dashboard Notifications 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-69384 WordPress Timeline Event History plugin <= 3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdiscover Timeline Event History timeline-event-history allows Reflected XSS.This issue affects Timeline Event History: from n/a through = 3.2...

CVE-2025-69375 WordPress Portfolio Builder plugin <= 1.2.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SolverWp Portfolio Builder swp-portfolio allows PHP Local File Inclusion.This issue affects Portfolio Builder: from n/a through = 1.2.5...

CVE-2025-69377

CVE-2025-69377 : WordPress WordPress User Extra Fields plugin (wp-user-extra-fields)

CVE-2025-68852 WordPress Court Reservation plugin <= 1.10.13 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reservation: from n/a through = 1.10.13...

CVE-2025-68855

CVE-2025-68855 relates to the WordPress plugin JobBoard Job listing (job-board-light) , affected up to version 1.2.8 . The issue is described as an Insertion of Sensitive Information Into Sent Data which enables retrieval of embedded sensitive data, exposing confidential information. Root cause d...

CVE-2025-68002

CVE-2025-68002 affects WordPress plugin Open User Map (&lt;= 1.4.16). The issue is path traversal allowing arbitrary file download. Wordfence reports this as an active vulnerability with patched status; PatchStack notes the vulnerability as Open User Map

CVE-2025-67971

CVE-2025-67971 is a Reflected Cross-Site Scripting vulnerability in FluentCart (WPManageNinja FluentCart fluent-cart) affecting versions before 1.3.0. The CVE entry lists a CVSS v3.1 base score of 7.1 (HIGH) with NETWORK attack vector, LOW impact on confidentiality/integrity/availability, and UI ...

CVE-2024-50555 WordPress Elementor Website Builder plugin <= 3.29.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Website Builder: from n/a through = 3.29.0...

CVE-2024-50555

CVE-2024-50555 : Affected product is Elementor Website Builder (WordPress) up to version 3.29.0. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw arising from improper input neutralization during web page generation. Multiple connected sources confirm the same issue and list the affe...

CVE-2024-54222

CVE-2024-54222 affects the WordPress Seraphinite Accelerator plugin (seraphinite-accelerator) with versions up to 2.22.15. The Red Hat and NVD entries confirm a Missing Authorization vulnerability that permits retrieval of embedded sensitive data from the Seraphinite Accelerator component. The ri...

WordPress plugin aDirectory 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

WordPress plugin Zota 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...