CVE-2019-14796
The mq-woocommerce-products-price-bulk-edit aka Woocommerce Products Price Bulk Edit plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=updateoptions showproductspagelimit parameter...
CVE-2019-15659
The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969...
CVE-2019-15643
The ultimate-faqs plugin before 1.8.22 for WordPress has XSS...
CVE-2018-17946
The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter...
CVE-2019-10388
A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...
CVE-2015-9355
The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area...
CVE-2025-39409 WordPress WordPress Video Robot - The Ultimate Video Importer plugin <= 1.20.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pressaholic WordPress Video Robot - The Ultimate Video Importer. This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0...
CVE-2025-43839 WordPress BP Messages Tool plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Messages Tool bp-messages-tool allows Reflected XSS. This issue affects BP Messages Tool: from n/a through <= 2.2...
CVE-2025-43840 WordPress CheckBot plugin <= 1.05 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ref CheckBot checkbot allows Stored XSS. This issue affects CheckBot: from n/a through <= 1.05...
CVE-2025-48259
CVE-2025-48259 describes a Cross-Site Request Forgery (CSRF) in the WordPress plugin WP Mapa Politico España. Affected: WordPress sites running this plugin up to version 3.8.0. The vulnerability allows CSRF to change settings, with the CVE notes and PatchStack entry confirming a CSRF-to-Setting...
WordPress plugin SUMO Reward Points security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Super Store Finder SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
WordPress plugin Salon booking system cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2024-10143
The MB Custom Post Types & Custom Taxonomies WordPress plugin before 2.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in...
CVE-2025-39482 WordPress Eventer plugin < 3.11.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in imithemes Eventer eventer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eventer: from n/a through 3.11.4...
CVE-2025-46464 WordPress Ads Pro plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Stored XSS. This issue affects Ads Pro: from n/a through <= 5.0...
WordPress Radio Player Shoutcast & Icecast theme <= 4.4.6 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Plugin Radio Player Shoutcast & Icecast WordPress Plugin versions <= 4.4.6...
CVE-2024-7759
The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
WordPress plugin WP Google Review Slider security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress SureTriggers Plugin < 1.0.24 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:suretriggers:suretriggers"; if description...