731 matches found

Patchstack
added 2025/03/04 1:21 a.m., 4 views

WordPress SpotBot plugin <= 0.1.8 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin SpotBot versions <= 0.1.8...

CVSS 7.1, AI score 6.4, EPSS 0.00263
Exploits 1, References 1, Affected Software 1

Patchstack
added 2025/03/04 12:35 a.m., 3 views

WordPress FooGallery plugin <= 2.4.29 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Andres Roldan in WordPress Plugin FooGallery versions <= 2.4.29...

CVSS 5.1, AI score 6.3, EPSS 0.00384
Exploits 0, References 1, Affected Software 1

Patchstack
added 2025/03/04 12:30 a.m., 7 views

WordPress WP Activity Log plugin <= 5.3.2 - Authenticated (Admin+) PHP Object Injection vulnerability

Authenticated Admin+ PHP Object Injection vulnerability discovered by Andres Roldan in WordPress Plugin WP Activity Log versions <= 5.3.2...

CVSS 9.8, AI score 7.3, EPSS 0.00434
Exploits 0, References 1, Affected Software 1

CVE
added 2025/03/03 8:49 a.m., 75 views

CVE-2025-24654

CVE-2025-24654 concerns the WordPress SEO Plugin by Squirrly SEO (versions up to 12.4.05) and is documented as a Missing Authorization / Broken Access Control vulnerability. Public sources (NVD/CVE pages, Patchstack) note exposure in the plugin and indicate a fix in later versions (patches/vulner...

CVSS 8.8, AI score 7.2, EPSS 0.00272
Exploits 0, References 1, Affected Software 1

Patchstack
added 2025/02/28 11:14 p.m., 4 views

WordPress Exertio Framework plugin <= 1.3.1 - Unauthenticated Arbitrary User Password Update vulnerability

Unauthenticated Arbitrary User Password Update vulnerability discovered by Foxyyy in WordPress Plugin Exertio Framework versions <= 1.3.1...

CVSS 8.1, AI score 7, EPSS 0.00386
Exploits 0, References 1, Affected Software 1

Patchstack
added 2025/02/28 9:8 p.m., 5 views

WordPress WooBuddy plugin <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Settings Update vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin WooBuddy versions <= 3.4.24...

CVSS 4.3, AI score 7, EPSS 0.00248
Exploits 0, References 1, Affected Software 1

CNNVD
added 2025/02/28 12:0 a.m., 4 views

WordPress plugin contest gallery cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

CVSS 7.2, AI score 7.3, EPSS 0.00259
Exploits 0, References 3

CNNVD
added 2025/02/28 12:0 a.m., 4 views

WordPress plugin wpForo Forum input validation error vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An input validation error...

CVSS 6.5, AI score 8.3, EPSS 0.00346
Exploits 0, References 3

Patchstack
added 2025/02/26 10:1 p.m., 6 views

WordPress Templines Elementor Helper Core plugin <= 2.7 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Tonn in WordPress Plugin Templines Elementor Helper Core versions <= 2.7...

CVSS 8.8, AI score 7, EPSS 0.00466
Exploits 0, References 1, Affected Software 1

Patchstack
added 2025/02/24 3:14 p.m., 4 views

WordPress Woocommerce – Loi Hamon Plugin <= 1.1.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Woocommerce – Loi Hamon versions <= 1.1.0...

CVSS 7.1, AI score 6.2, EPSS 0.00131
Exploits 0, Affected Software 1

Patchstack
added 2025/02/24 3:12 p.m., 3 views

WordPress Quotes llama plugin <= 3.0.1 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Quotes llama versions <= 3.0.1...

CVSS 6.5, AI score 5.8, EPSS 0.00245
Exploits 0, Affected Software 1

Patchstack
added 2025/02/23 2:31 p.m., 4 views

WordPress Team Section Block plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Logan Cote Patchstack Alliance in WordPress Plugin Team Section Block versions <= 1.0.9...

CVSS 6.5, AI score 6.1, EPSS 0.00237
Exploits 0, Affected Software 1

Cvelist
added 2025/02/14 12:44 p.m., 13 views

CVE-2025-23652 WordPress Add custom content after post plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fabio Zuanon Add custom content after post add-custom-content-after-post allows Reflected XSS. This issue affects Add custom content after post: from n/a through <= 1.0...

CVSS 7.1, EPSS 0.00285
Exploits 0, References 1

Patchstack
added 2025/02/11 7:9 a.m., 3 views

WordPress Zarinpal Paid Downloads plugin <= 2.3 - Admin+ Arbitrary File Upload vulnerability

Admin+ Arbitrary File Upload vulnerability discovered by Bob Matyas in WordPress Plugin Zarinpal Paid Download versions <= 2.3...

CVSS 4.8, AI score 7, EPSS 0.00307
Exploits 1, References 1, Affected Software 1

Vulnrichment
added 2025/02/07 10:11 a.m., 8 views

CVE-2025-25103 WordPress Indeed API Plugin <= 0.5 - CSRF to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in bnielsen Indeed API allows Cross Site Request Forgery. This issue affects Indeed API: from n/a through 0.5...

CVSS 4.3, AI score 7, EPSS 0.00149
Exploits 0, References 1

CNNVD
added 2025/02/07 12:0 a.m., 2 views

WordPress plugin Facilita Form Tracker cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS 7.1, AI score 8.5, EPSS 0.00173
Exploits 0, References 2

RedhatCVE
added 2025/02/05 5:6 a.m., 7 views

CVE-2024-10628

The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 8.8.0 Business, up to, and including, 21.8.0 Developer, and up to, and including, 31.8.0 Agency due to insufficient escaping on the user...

CVSS 7.5, AI score 7.7, EPSS 0.00662
Exploits 1, References 1

RedhatCVE
added 2025/02/05 4:41 a.m., 2 views

CVE-2024-9989

The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'cryptoconnectajaxprocess::login' function in the 'cryptoconnectajaxprocess' function. This makes it possible for unauthenticated...

CVSS 9.8, AI score 6.1, EPSS 0.07217
Exploits 0, References 1

RedhatCVE
added 2025/02/05 2:45 a.m., 7 views

CVE-2024-33681

Cross-Site Request Forgery CSRF vulnerability in Sandor Kovacs Regenerate post permalink allows Cross-Site Scripting XSS. This issue affects Regenerate post permalink: from n/a through 1.0.3...

CVSS 7.1, AI score 5.1, EPSS 0.00197
Exploits 0, References 1

Patchstack
added 2025/02/03 8:17 p.m., 3 views

WordPress Paytm Payment Donation Plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khang Duong Patchstack Alliance in WordPress Plugin Paytm Payment Donation versions <= 2.3.3...

CVSS 5.9, AI score 6.1, EPSS 0.00202
Exploits 0, Affected Software 1