WordPress Flexible Cookies plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Flexible Cookies versions = 1.1.8...

CVE-2025-30887 WordPress WpEvently Plugin <= 4.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through = 4.2.9...

CVE-2025-30862 WordPress reCAPTCHA for all plugin <= 2.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in sminozzi reCAPTCHA for all recaptcha-for-all allows Cross Site Request Forgery.This issue affects reCAPTCHA for all: from n/a through = 2.22...

CVE-2025-30801 WordPress TWB Woocommerce Reviews plugin <= 1.7.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Abu Bakar TWB Woocommerce Reviews twb-woocommerce-reviews allows Cross Site Request Forgery.This issue affects TWB Woocommerce Reviews: from n/a through = 1.7.7...

CVE-2025-30800 WordPress Gum Elementor Addon plugin <= 1.3.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Atawai Gum Elementor Addon gum-elementor-addon allows Stored XSS.This issue affects Gum Elementor Addon: from n/a through = 1.3.10...

WordPress WP Google Review Slider plugin <= 16.0 - CSRF to SQL Injection vulnerability

CSRF to SQL Injection vulnerability discovered by astra.r3verii in WordPress Plugin WP Google Review Slider versions = 16.0...

WordPress plugin Store Locator Widget 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

WordPress plugin MC Woocommerce Wishlist SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

CVE-2025-26941 WordPress Church Admin plugin <= 5.0.18 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in andymoyle Church Admin church-admin allows SQL Injection.This issue affects Church Admin: from n/a through = 5.0.18...

CVE-2025-1911

CVE-2025-1911 (Product Import Export for WooCommerce – Import Export Product CSV Suite, WordPress) . The vulnerability arises from insufficient file path validation in the admin_log_page() function, allowing a directory traversal to occur. This enables an authenticated attacker with Administrator...

CVE-2024-11272

CVE-2024-11272 affects the WordPress plugin Contact Form & SMTP Plugin for WordPress by PirateForms (versions before 2.6.0). The root cause is lack of sanitization and escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed ...

WordPress Iron Security 2.2.3 IP Spoofing

WordPress Iron Security plugin versions 2.2.3 and below suffer from a source IP spoofing vulnerability. Wordpress Plugin Iron Security - IP Spoofing Exploit Author: bRpsd | cyatlive.no Date: March 20, 2025 Product: https://wordpress.org/plugins/iron-security/ Version: 2.2.3 and below CVE : N/A...

CVE-2025-30620 WordPress WP Odoo Form Integrator plugin <=1.1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in coderscom WP Odoo Form Integrator wp-odoo-form-integrator allows Stored XSS.This issue affects WP Odoo Form Integrator: from n/a through = 1.1.0...

CVE-2025-30604 WordPress JiangQie Official Website Mini Program plugin <= 1.8.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in jiangqie JiangQie Official Website Mini Program jiangqie-official-website-mini-program allows Blind SQL Injection.This issue affects JiangQie Official Website Mini Program: from n/a through = 1.8.2...

CVE-2025-30587 WordPress LH OGP Meta plugin <= 1.73 - CSRF to Stored XSS Vulnerability

Cross-Site Request Forgery CSRF vulnerability in shawfactor LH OGP Meta lh-ogp-meta-tags allows Stored XSS.This issue affects LH OGP Meta: from n/a through = 1.73...

WordPress GMO Font Agent plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin GMO Font Agent versions = 1.6...

WordPress Docpro plugin <= 2.0.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Docpro versions = 2.0.1...

WordPress Pixobe Cartography plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Pixobe Cartography versions = 1.0.1...

CVE-2025-2262

CVE-2025-2262 – WordPress Logo Slider (GS-Logo-Slider) vulnerability : Affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation for WordPress, versions up to and including 3.7.3. The flaw arises from executing an action without proper validation before running...

WordPress plugin CiyaShop 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...