730 matches found
WordPress Private Google Calendars plugin <= 20250811 - Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability
Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Private Google Calendars versions <= 20250811...
WordPress ZoomSounds - WordPress Wave Audio Player with Playlist plugin <= 6.91 - Unauthenticated PHP Object Injection vulnerability
WordPress ZoomSounds - WordPress Wave Audio Player with Playlist plugin <= 6.91 - Unauthenticated PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Plugin ZoomSounds versions <= 6.91...
WordPress WP Customer Area plugin < 8.2.5 - Bulk Delete via CSRF vulnerability
Bulk Delete via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Customer Area versions < 8.2.5...
PT-2025-54321
Name of the Vulnerable Software and Affected Versions: Cincopa video and media plugin versions through 1.163. Description: The Cincopa video and media plugin contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means th...
WordPress Scroll rss excerpt plugin <= 5.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Scroll rss excerpt versions <= 5.0...
WordPress plugin HTML5 Audio Player code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
CVE-2025-49902
The CVE-2025-49902 entry concerns the WordPress plugin Login Page Customizer – Customizer Login Page, Admin Page, Custom Design (versions
WordPress plugin Task Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin Panda security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-52168
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Reservation Plugin dt-reservation-plugin allows Reflected XSS. This issue affects Reservation Plugin: from n/a through <= 1.6...
CVE-2025-13741
The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getAuthors function in all versions up to, and including, 4.9.2. This makes it...
CVE-2025-66166
Missing Authorization vulnerability in merkulove Lottier for Elementor lottier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lottier for Elementor: from n/a through <= 1.0.9...
CVE-2025-66164
CVE-2025-66164 concerns the WordPress Laser plugin (<= 1.1.1) with a missing/weak authorization control that can allow access-level bypass due to improperly configured access controls. The initial description and multiple sources indicate the vulnerability is categorized as Missing Authorizati...
WordPress plugin Stockholm Core security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability...
WordPress Document Library Lite plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Zeeshan Haider in WordPress Plugin Document Library Lite versions <= 1.1.7...
PT-2025-51323
Name of the Vulnerable Software and Affected Versions: Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions 8.3.x and 9.3.0.x through 10.1.9.x. Description: The software deserializes untrusted JSON data without restricting the parser to approved classes and methods...
WordPress plugin Resource Library for Logged In Users cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL-based...
CVE-2025-62086 WordPress Яндекс Доставка (Boxberry) plugin <= 2.34 - Broken Access Control vulnerability
Missing Authorization vulnerability in akazanstev Яндекс Доставка (Boxberry) boxberry allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Яндекс Доставка (Boxberry): from n/a through <= 2.34...
CVE-2025-67592 WordPress My Calendar plugin <= 3.6.16 - Broken Access Control vulnerability
Missing Authorization vulnerability in Joe Dolson My Calendar my-calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects My Calendar: from n/a through <= 3.6.16...
WordPress Eupago Gateway For Woocommerce plugin <= 4.7.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Eupago Gateway For Woocommerce versions <= 4.7.1...