WordPress plugin Flaming Password Reset 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2022-27856

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in Atlas Gondal Export All URLs plugin = 4.1 versions...

CVE-2025-11877 User Activity Log <= 2.2 - Unauthenticated Limited Options Update via Failed Login

The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ualshookwploginfailed' lacks a capability check and writes failed usernames directly into updateoption calls. This makes it possible for unauthenticated attacker...

WordPress plugin Premmerce WooCommerce Customers Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-31642 WordPress WPCHURCH plugin <= 2.7.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dasinfomedia WPCHURCH allows Reflected XSS.This issue affects WPCHURCH: from n/a through 2.7.0...

CVE-2025-32304 WordPress WPCHURCH plugin <= 2.7.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mojoomla WPCHURCH allows PHP Local File Inclusion.This issue affects WPCHURCH: from n/a through 2.7.0...

CVE-2025-69359 WordPress Creator LMS plugin <= 1.1.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPFunnels Creator LMS creatorlms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Creator LMS: from n/a through = 1.1.12...

CVE-2025-69085 WordPress JobBank plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e-plugins JobBank jobbank allows Reflected XSS.This issue affects JobBank: from n/a through = 1.2.2...

CVE-2025-11723 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.5 via the hash function due to use of a hardcoded fall-back salt. This makes it possible for...

CVE-2023-51513 WordPress Geo Controller plugin <= 8.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in INTINITUM FORM Geo Controller allows DOM-Based XSS.This issue affects Geo Controller: from n/a through 8.5.2...

CVE-2025-68014 WordPress AweBooking plugin <= 3.2.26 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in awethemes AweBooking awebooking allows Retrieve Embedded Sensitive Data.This issue affects AweBooking: from n/a through = 3.2.26...

WordPress Owl Carousel WP plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NumeX in WordPress Plugin Owl Carousel WP versions = 2.2.2...

CVE-2025-23707 WordPress En Masse plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Matamko En Masse en-masse-wp allows Reflected XSS.This issue affects En Masse: from n/a through = 1.0...

WordPress Behance Portfolio Manager plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Tran Tuan Dung domiee13 in WordPress Plugin Behance Portfolio Manager versions = 1.7.5...

CVE-2025-62088 WordPress WordPress & WooCommerce Scraper plugin, Import Data from Any Site plugin <= 1.0.7 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site allows Server Side Request Forgery.This issue affects WordPress & WooCommerce Scraper Plugin, Import Data from Any Site: from n/a through 1.0.7...

CVE-2025-62874 WordPress AnyComment plugin <= 0.3.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Alexander AnyComment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through 0.3.6...

CVE-2025-62143 WordPress Post Video Players plugin <= 1.163 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players video-playlist-and-gallery-plugin allows Retrieve Embedded Sensitive Data.This issue affects Post Video Players: from n/a through = 1.163...

CVE-2025-62116 WordPress AI Copilot plugin <= 1.5.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in quadlayers AI Copilot ai-copilot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Copilot: from n/a through = 1.5.2...

CVE-2025-62116

CVE-2025-62116 is described in the initial document as a Missing Authorization vulnerability in the QuadLayers AI Copilot (WordPress plugin), affecting versions from unknown up to and including 1.4.7. The connected Wordfence document substantively corroborates that AI Copilot is affected by a Mis...

CVE-2025-62126 WordPress Varnish/Nginx Proxy Caching plugin <= 1.8.3 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching vcaching allows Retrieve Embedded Sensitive Data.This issue affects Varnish/Nginx Proxy Caching: from n/a through = 1.8.3...