726 matches found
WordPress SiteSEO – SEO Simplified plugin <= 1.3.2 - Improper Authorization to Authenticated Settings Reset vulnerability
Improper Authorization to Authenticated Settings Reset vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin SiteSEO versions <= 1.3.2...
WordPress Category and Product Woocommerce Tabs plugin <= 1.0 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated (Contributor+) Local File Inclusion vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Category and Product Woocommerce Tabs versions <= 1.0...
CVE-2025-12590 YSlider <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The YSlider plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.1. This is due to missing nonce verification on the content configuration page and insufficient input sanitization and output escaping. This makes it...
WordPress Hub Core plugin <= 5.0.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Hub Core versions <= 5.0.8...
WordPress plugin WooCommerce Store Toolkit security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin... A security...
WordPress Centangle Team Showcase plugin <= 1.0.0 - Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Centangle Team Showcase versions <= 1.0.0...
Exploit for CVE-2025-11833
Unauthorized Data Access in Post SMTP Plugin for WordPress CV...
EUVD-2025-37426
The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingestimage function in versions 1.1.0 to 1.5.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary file...
CVE-2025-12171 RESTful Content Syndication 1.1.0 - 1.5.0 - Authenticated (Contributor+) Arbitrary File Upload
The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingestimage function in versions 1.1.0 to 1.5.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary file...
PT-2025-44718
Name of the Vulnerable Software and Affected Versions: WordPress RESTful Content Syndication plugin versions 1.1.0 through 1.5.0. Description: The RESTful Content Syndication plugin for WordPress is affected by a flaw that allows authenticated attackers with Author-level access or higher to upload...
CVE-2025-64135
Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value, disabling a protection mechanism of the Java runtime...
CVE-2025-64288 WordPress Premmerce plugin <= 1.3.19 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce premmerce allows Cross Site Request Forgery. This issue affects Premmerce: from n/a through <= 1.3.19...
CVE-2025-64220 WordPress Rey Core plugin <= 3.1.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReyCommerce Rey Core rey-core allows Stored XSS. This issue affects Rey Core: from n/a through <= 3.1.8...
WordPress plugin Majestic Support security vulnerability
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Consulting Elementor Widgets plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Consulting Elementor Widgets versions <= 1.4.2...
CVE-2025-62890 WordPress Premmerce Brands for WooCommerce plugin <= 1.2.13 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Brands for WooCommerce premmerce-woocommerce-brands allows Cross Site Request Forgery. This issue affects Premmerce Brands for WooCommerce: from n/a through <= 1.2.13...
CVE-2025-11880
The SM CountDown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's smcountdown shortcode in versions less than, or equal to, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-48095 WordPress Survey Maker plugin <= 5.1.8.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS. This issue affects Survey Maker: from n/a through <= 5.1.8.8...
WordPress Posts By Tag plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Posts By Tag versions <= 3.2.1...