WordPress Contact Form Email plugin <= 1.3.60 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Rooting in WordPress Plugin Contact Form Email versions = 1.3.60...

CVE-2025-12578

The Reuters Direct WordPress plugin (

WordPress WP Webhooks plugin <= 3.3.8 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Webhooks versions = 3.3.8...

CVE-2025-13597 AI Feeds <= 1.0.11 - Unauthenticated Arbitrary File Upload

The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...

WordPress ANAC XML Bandi di Gara plugin <= 7.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin ANAC XML Bandi di Gara versions = 7.7...

WordPress UiPress lite plugin <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by abrahack in WordPress Plugin UiPress lite versions = 3.5.08...

WordPress Accordion Slider plugin <= 1.9.13 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Accordion Slider versions = 1.9.13...

PT-2025-47835

Name of the Vulnerable Software and Affected Versions OneClick Chat to Order plugin for WordPress versions up to and including 1.0.8 Description The OneClick Chat to Order plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is due to a lack of validation on a...

CVE-2025-66107 WordPress Subscriptions & Memberships for PayPal plugin <= 1.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Scott Paterson Subscriptions & Memberships for PayPal subscriptions-memberships-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscriptions & Memberships for PayPal: from n/a through = 1.1.7...

CVE-2025-66092 WordPress Accordion Slider plugin <= 1.9.13 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bqworks Accordion Slider accordion-slider allows Stored XSS.This issue affects Accordion Slider: from n/a through = 1.9.13...

CVE-2025-66072 WordPress UsersWP plugin <= 1.2.47 - Broken Access Control vulnerability

Missing Authorization vulnerability in Stiofan UsersWP userswp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through = 1.2.47...

CVE-2025-66066 WordPress Envo Extra plugin <= 1.9.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EnvoThemes Envo Extra envo-extra allows Stored XSS.This issue affects Envo Extra: from n/a through = 1.9.11...

CVE-2025-66057 WordPress Bold Page Builder plugin <= 5.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM-Based XSS.This issue affects Bold Page Builder: from n/a through = 5.5.2...

WordPress plugin WP Google Review Slider 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blogging sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress plugin Magical Products Display 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...

WordPress plugin HotelRunner Booking Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... A cross-site...

CVE-2025-12502 Attention Bar <= 0.7.2.1 - Admin+ SQLi

The attention-bar WordPress plugin through 0.7.2.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users such as administrator to perform SQL injection attacks...

PT-2025-47556

The attention-bar WordPress plugin through 0.7.2.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users such as administrator to perform SQL injection attacks...

WordPress WP Gravity Forms FreshDesk Plugin plugin <= 1.3.5 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Bonds in WordPress Plugin WP Gravity Forms FreshDesk Plugin versions = 1.3.5...

CVE-2025-11267

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'veucustomcss' parameter in all versions up to, and including, 9.112.1. This is due to insufficient input sanitization and output escaping on the user-supplied Custom CSS value. This makes i...