CVE-2025-47527

Missing Authorization vulnerability in Icegram Icegram Collect icegram-rainmaker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect: from n/a through = 1.3.18...

WordPress plugin Freemind Viewer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress WPeMatico RSS Feed Fetcher plugin <= 2.8.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by domiee13 in WordPress Plugin WPeMatico RSS Feed Fetcher versions = 2.8.3...

CVE-2024-3266

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-4860

The 'WordPress RSS Aggregator' WordPress Plugin, versions 4.23.9 are affected by a Cross-Site Scripting XSS vulnerability due to the lack of sanitization of the 'noticeid' GET parameter...

CVE-2024-12584

The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

CVE-2023-35773

Cross-Site Request Forgery CSRF vulnerability in Danny Hearnah - ChubbyNinjaa Template Debugger plugin = 3.1.2 versions...

CVE-2023-25980

Cross-Site Request Forgery CSRF vulnerability in CAGE Web Design | Rolf van Gelder Optimize Database after Deleting Revisions plugin = 5.1 versions...

CVE-2023-41853

Cross-Site Request Forgery CSRF vulnerability in WP iCal Availability plugin = 1.0.3 versions...

CVE-2023-23889

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Fullworks Quick Paypal Payments plugin = 5.7.25 versions...

CVE-2023-32603

Unauth. Reflected Cross-Site Scripting XSS vulnerability in RedNao Donations Made Easy – Smart Donations plugin = 4.0.12 versions...

CVE-2023-32602

Cross-Site Request Forgery CSRF vulnerability in LOKALYZE CALL ME NOW plugin = 3.0 versions...

CVE-2023-32587

Cross-Site Request Forgery CSRF vulnerability in WP Reactions, LLC WP Reactions Lite plugin = 1.3.8 versions...

CVE-2023-27455

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Maui Marketing Update Image Tag Alt Attribute plugin = 2.4.5 versions...

CVE-2023-27606

Cross-Site Request Forgery CSRF vulnerability in Sajjad Hossain WP Reroute Email plugin = 1.4.6 versions...

CVE-2023-45749

Cross-Site Request Forgery CSRF vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin = 3.2.4 versions...

CVE-2023-33931

Cross-Site Request Forgery CSRF vulnerability in Ciprian Popescu YouTube Playlist Player plugin = 4.6.4 versions...

CVE-2023-33311

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in CRM Perks Contact Form Entries plugin = 1.3.0 versions...

CVE-2023-46776

Cross-Site Request Forgery CSRF vulnerability in Serena Villa Auto Excerpt everywhere plugin = 1.5 versions...

CVE-2023-28495

Cross-Site Request Forgery CSRF vulnerability in MyThemeShop WP Shortcode by MyThemeShop plugin = 1.4.16 versions...