CVE-2025-60221 WordPress Captivate Sync Plugin <= 3.0.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection.This issue affects Captivate Sync: from n/a through = 3.0.3...

CVE-2025-60211 WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Privilege Escalation.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through = 3.2.3...

CVE-2025-60132 WordPress Video Blogster Lite Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Stored XSS.This issue affects Video Blogster Lite: from n/a through = 1.2...

CVE-2025-59007

CVE-2025-59007 describes a Deserialization of Untrusted Data vulnerability in the WordPress plugin TF Woo Product Grid Addon For Elementor (tf-woo-product-grid) up to version 1.0.1. The issue enables Object Injection due to unsafe deserialization of data, with the public records indicating a high...

CVE-2025-58916 WordPress Author: Munzir plugin <= 0.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Munzir Author: Munzir myshouts-shoutbox allows Reflected XSS.This issue affects Author: Munzir: from n/a through = 0.9...

CVE-2025-53351

CVE-2025-53351 corresponds to a WordPress Fidelo Snippet plugin vulnerability (versions through 1.12) where improper input neutralization during web page generation enables reflected XSS. Affected component: Fidelo Snippet (WordPress plugin). Root cause: inadequate input sanitization in the page ...

CVE-2025-53218 WordPress AppExperts plugin <= 1.4.5 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal AppExperts appexperts allows Retrieve Embedded Sensitive Data.This issue affects AppExperts: from n/a through = 1.4.5...

CVE-2025-52737 WordPress WP Store Locator plugin <= 2.2.260 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Tijmen Smit WP Store Locator wp-store-locator allows Object Injection.This issue affects WP Store Locator: from n/a through = 2.2.260...

CVE-2025-49953

Summary: CVE-2025-49953 affects the WordPress plugins ShareBang and Ultimate Social Share Buttons for WordPress (versions through 1.4). Vulnerability: Improper input neutralization during web page generation enables Reflected Cross-Site Scripting (XSS). Root cause: Inadequate handling of user-sup...

CVE-2025-49373 WordPress Evergreen Content Poster plugin <= 1.4.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster allows Cross Site Request Forgery.This issue affects Evergreen Content Poster: from n/a through = 1.4.5...

CVE-2025-48098

CVE-2025-48098 is a Stored XSS in the WordPress Survey Maker plugin (survey-maker) caused by improper input neutralization during web page generation. Affected: Survey Maker versions up to and including 5.1.8.8. The issue is confirmed by multiple sources (NVD, Red Hat, ENISA, CVE List, PatchStack...

CVE-2025-48082

CVE-2025-48082 describes an incorrect privilege assignment in the WordPress plugin Progress Planner (Progress Planner,

WordPress plugin MasterStudy LMS 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin MasterStudy LMS, which...

WordPress plugin WP Responsive Meet The Team 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...

WordPress Plugin Pets 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

WordPress Cost Calculator Builder plugin <= 3.5.32 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ? in WordPress Plugin Cost Calculator Builder versions = 3.5.32...

PT-2025-41358

Name of the Vulnerable Software and Affected Versions WP Travel Engine – Tour Booking Plugin – Tour Operator Software versions prior to 6.6.8 Description The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is susceptible to a Local File Inclusion issue in...

EUVD-2019-5921

Malware in sbrugna...

EUVD-2021-21290

Malware in sbrugna...

EUVD-2017-6721

Malware in sbrugna...