WordPress Lawyer Directory plugin <= 1.3.3 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Lawyer Directory versions = 1.3.3...

WordPress Paid Downloads plugin <= 3.15 - SQL Injection vulnerability

SQL Injection vulnerability discovered by 0xVenus in WordPress Plugin Paid Downloads versions = 3.15...

CVE-2025-14853

The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions = 1.7.1. This is due to missing or incorrect nonce validation on the displaysettingspage function. This makes it possible for unauthenticated attackers to modify plugin settings via ...

CVE-2025-14173

The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the logout function called via the actions function hooked to admininit. This makes it possible for unauthenticated...

WordPress SocialChamp with WordPress plugin <= 1.3.3 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin SocialChamp with WordPress versions = 1.3.3...

WordPress plugin Dreamer Blog 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress Trusona for WordPress plugin <= 2.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Trusona for WordPress versions = 2.0.0...

CVE-2023-25788

Cross-Site Request Forgery CSRF vulnerability in Saphali Saphali Woocommerce Lite plugin = 1.8.13 versions...

CVE-2023-25473

Cross-Site Request Forgery CSRF vulnerability in Miro Mannino Flickr Justified Gallery plugin = 3.5 versions...

CVE-2023-29235

Cross-Site Request Forgery CSRF vulnerability in Fugu Maintenance Switch plugin = 1.5.2 versions...

CVE-2023-45656

Cross-Site Request Forgery CSRF vulnerability in Kevin Weber Lazy Load for Videos plugin = 2.18.2 versions...

CVE-2023-29100

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Dream-Theme The7 plugin = 11.6.0 versions...

CVE-2023-45054

Unauth. Reflected Cross-Site Scripting XSS vulnerability in AWESOME TOGI Product Category Tree plugin = 2.5 versions...

CVE-2023-45837

Unauth. Reflected Cross-Site Scripting XSS vulnerability in XYDAC Ultimate Taxonomy Manager plugin = 2.0 versions...

WordPress plugin MediaPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-15058 Responsive Pricing Table <= 5.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'table_currency'

The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tablecurrency' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-14122

CVE-2025-14122 concerns the AD Sliding FAQ plugin for WordPress. The connected Wordfence report confirms a stored XSS vulnerability via the sliding_faq shortcode, affecting all versions up to and including 2.4, caused by insufficient input sanitization and output escaping on user-supplied attribu...

WordPress plugin Yoco Payments 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path...

CVE-2025-23719

CVE-2025-23719 concerns the WordPress ZhinaTwitterWidget plugin (versions up to 1.0) and is described as an Improper Neutralization of Input During Web Page Generation leading to a Reflected Cross-Site Scripting (XSS) vulnerability. The issue affects ZhinaTwitterWidget from n/a through 1.0, per t...

WordPress Frontend Dashboard plugin 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function vulnerability

WordPress Frontend Dashboard plugin 1.5.10 - 2.2.7 - Missing Authorization to Authenticated Subscriber+ Account Takeover/Privilege Escalation via ajaxrequest Function vulnerability discovered by kr0d in WordPress Plugin Frontend Dashboard versions 1.5.10-2.2.7...