CVE-2025-7504

The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via deserialization of untrusted input of the queryvars parameter This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is prese...

CVE-2025-49986 WordPress Video List Manager plugin <= 1.7 - Broken Access Control Vulnerability

Missing Authorization vulnerability in thanhtungtnt Video List Manager video-list-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Video List Manager: from n/a through = 1.7...

CVE-2025-52794 WordPress Creative Contact Form plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Creative-Solutions Creative Contact Form sexy-contact-form allows Stored XSS.This issue affects Creative Contact Form: from n/a through = 1.0.0...

WordPress plugin Login/Signup Popup 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

CVE-2025-47527

Missing Authorization vulnerability in Icegram Icegram Collect icegram-rainmaker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect: from n/a through = 1.3.18...

WordPress plugin Freemind Viewer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress WPeMatico RSS Feed Fetcher plugin <= 2.8.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by domiee13 in WordPress Plugin WPeMatico RSS Feed Fetcher versions = 2.8.3...

CVE-2024-3266

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-4860

The 'WordPress RSS Aggregator' WordPress Plugin, versions 4.23.9 are affected by a Cross-Site Scripting XSS vulnerability due to the lack of sanitization of the 'noticeid' GET parameter...

CVE-2024-12584

The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

CVE-2023-35773

Cross-Site Request Forgery CSRF vulnerability in Danny Hearnah - ChubbyNinjaa Template Debugger plugin = 3.1.2 versions...

CVE-2023-25980

Cross-Site Request Forgery CSRF vulnerability in CAGE Web Design | Rolf van Gelder Optimize Database after Deleting Revisions plugin = 5.1 versions...

CVE-2023-41853

Cross-Site Request Forgery CSRF vulnerability in WP iCal Availability plugin = 1.0.3 versions...

CVE-2023-23889

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Fullworks Quick Paypal Payments plugin = 5.7.25 versions...

CVE-2023-32603

Unauth. Reflected Cross-Site Scripting XSS vulnerability in RedNao Donations Made Easy – Smart Donations plugin = 4.0.12 versions...

CVE-2023-32602

Cross-Site Request Forgery CSRF vulnerability in LOKALYZE CALL ME NOW plugin = 3.0 versions...

CVE-2023-32587

Cross-Site Request Forgery CSRF vulnerability in WP Reactions, LLC WP Reactions Lite plugin = 1.3.8 versions...

CVE-2023-27455

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Maui Marketing Update Image Tag Alt Attribute plugin = 2.4.5 versions...

CVE-2023-27606

Cross-Site Request Forgery CSRF vulnerability in Sajjad Hossain WP Reroute Email plugin = 1.4.6 versions...

CVE-2023-45749

Cross-Site Request Forgery CSRF vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin = 3.2.4 versions...