730 matches found
WordPress plugin Community Events cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Keybase.io Verification plugin <= 1.4.5 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Keybase.io Verification versions <= 1.4.5...
WordPress Academy LMS plugin <= 3.5.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Academy LMS versions <= 3.5.3...
WordPress Frontend File Manager Plugin plugin <= 23.5 - Unauthenticated Arbitrary Email Sending vulnerability
Unauthenticated Arbitrary Email Sending vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Frontend File Manager versions <= 23.5...
CVE-2026-0997
Mattermost components affected include Mattermost server versions 11.1.x up to 11.1.2, 10.11.x up to 10.11.9, and 11.2.x up to 11.2.1, together with Mattermost Plugin Zoom versions up to 1.11.0. The underlying issue is that the API endpoint /plugins/zoom/api/v1/channel-preference does not properl...
WordPress plugin iONE360 configurator cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress Code Explorer plugin <= 1.4.6 - Authenticated (Administrator+) Arbitrary File Read via 'file' Parameter vulnerability
Authenticated (Administrator+) Arbitrary File Read via 'file' Parameter vulnerability discovered by 0x34rth in WordPress Plugin Code Explorer versions <= 1.4.6...
CVE-2026-24966
CVE-2026-24966 concerns the WordPress Copyscape Premium plugin up to version 1.4.1, where a Cross-Site Request Forgery (CSRF) vulnerability exists. The issue, tracked across multiple sources, allows an attacker to induce actions on behalf of an authenticated user for Copyscape Premium (affected b...
WordPress plugin The Events Calendar Shortcode & Block cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Getwid plugin <= 2.0.10 - Missing Authorization to Google API key update vulnerability
Missing Authorization to Google API key update vulnerability discovered by Peter Thaleikis in WordPress Plugin Getwid versions <= 2.0.10...
EUVD-2026-5002
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, a path traversal vulnerability in the TechDocs local generator allow...
WordPress WP Logs Book plugin <= 1.0.1 - Log Clearing via CSRF vulnerability
Log Clearing via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Logs Book versions <= 1.0.1...
WordPress Booked plugin <= 3.0.0 - Account Takeover vulnerability
Account Takeover vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Booked versions <= 3.0.0...
WordPress Woodly Core plugin <= 1.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Woodly Core versions <= 1.4...
WordPress Administrative Shortcodes plugin <= 0.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'login' and 'logout' Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'login' and 'logout' Shortcode Attributes vulnerability discovered by zaim in WordPress Plugin Administrative Shortcodes versions <= 0.3.4...
PT-2026-4605
The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...
CVE-2026-24620 WordPress Landing Page Builder plugin <= 1.5.3.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps Landing Page Builder page-builder-add allows Stored XSS. This issue affects Landing Page Builder: from n/a through <= 1.5.3.4...
CVE-2026-24360 WordPress Seriously Simple Podcasting plugin <= 3.14.1 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Server Side Request Forgery. This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.1...
CVE-2025-32123 WordPress HTML5 Video Player with Playlist & Multiple Skins plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player with Playlist & Multiple Skins lbg-vp2-html5-rightside allows Reflected XSS. This issue affects HTML5 Video Player with Playlist & Multiple Skins: from n/a through <=...
WordPress plugin WPLMS has a path traversal vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...