CVE-2023-32292

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in GetButton Chat Button by GetButton.Io plugin = 1.8.9.4 versions...

CVE-2023-23866

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Carlos Moreira Interactive Geo Maps plugin = 1.5.8 versions...

CVE-2023-23847

A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2023-23831

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Rating-Widget Rating-Widget: Star Review System plugin = 3.1.9 versions...

CVE-2023-47669

Cross-Site Request Forgery CSRF vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin = 3.10.3 versions...

CVE-2023-47697

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin = 3.1.39 versions...

CVE-2022-47135

Cross-Site Request Forgery CSRF vulnerability in chronoengine.Com Chronoforms plugin = 7.0.9 versions...

CVE-2022-47434

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in PB SEO Friendly Images plugin = 4.0.5 versions...

CVE-2022-44632

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Denis Buka Content Repeater – Custom Posts Simplified plugin = 1.1.13 versions...

CVE-2022-4017

The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in...

CVE-2022-47178

Cross-Site Request Forgery CSRF vulnerability in Simple Share Buttons Simple Share Buttons Adder plugin = 8.4.7 versions...

WordPress plugin CoinPayments.net Payment Gateway for WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists ...

WordPress plugin WC Affiliate 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

WordPress plugin Real Estate 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin Frontend Dashboard 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An authorization issue...

WordPress Flynax Bridge 2.2.0 Privilege Escalation

WordPress Flynax Bridge plugin versions 2.2.0 and below suffer from an unauthenticated privilege escalation vulnerability...

PT-2025-18384 · WordPress · Wordpress Simple Shopping Cart

Name of the Vulnerable Software and Affected Versions: WordPress Simple Shopping Cart plugin versions up to, and including, 5.1.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wp cart button' shortcode due to insufficient input sanitization and output escaping...

CVE-2025-39377 WordPress Appsero Helper plugin <= 1.3.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs Appsero Helper appsero-helper allows SQL Injection.This issue affects Appsero Helper: from n/a through = 1.3.4...

CVE-2025-46251

CVE-2025-46251 (VikRestaurants Table Reservations and Take-Away) is a CSRF to Stored XSS vulnerability affecting VikRestaurants Table Reservations and Take-Away versions up to 1.3.3. The initial and connected documents consistently describe a CSRF issue that can lead to stored XSS, but none of th...

CVE-2025-24548 WordPress Autoglot – Automatic WordPress Translation plugin <=2.4.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Autoglot Autoglot – Automatic WordPress Translation autoglot allows Reflected XSS.This issue affects Autoglot – Automatic WordPress Translation: from n/a through = 2.4.7...