726 matches found
WordPress WooBuddy plugin <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Limited Settings Update vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin WooBuddy versions <= 3.4.24...
WordPress plugin contest gallery cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
WordPress plugin wpForo Forum input validation error vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An input validation error...
WordPress Templines Elementor Helper Core plugin <= 2.7 - Authenticated (Subscriber+) Privilege Escalation vulnerability
Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by Tonn in WordPress Plugin Templines Elementor Helper Core versions <= 2.7...
WordPress Woocommerce – Loi Hamon Plugin <= 1.1.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Woocommerce – Loi Hamon versions <= 1.1.0...
WordPress Quotes llama plugin <= 3.0.1 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis in WordPress Plugin Quotes llama versions <= 3.0.1...
WordPress Team Section Block plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Logan Cote Patchstack Alliance in WordPress Plugin Team Section Block versions <= 1.0.9...
CVE-2025-23652 WordPress Add custom content after post plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fabio Zuanon Add custom content after post add-custom-content-after-post allows Reflected XSS. This issue affects Add custom content after post: from n/a through <= 1.0...
WordPress Zarinpal Paid Downloads plugin <= 2.3 - Admin+ Arbitrary File Upload vulnerability
Admin+ Arbitrary File Upload vulnerability discovered by Bob Matyas in WordPress Plugin Zarinpal Paid Download versions <= 2.3...
CVE-2025-25103 WordPress Indeed API Plugin <= 0.5 - CSRF to Settings Change vulnerability
Cross-Site Request Forgery CSRF vulnerability in bnielsen Indeed API allows Cross Site Request Forgery. This issue affects Indeed API: from n/a through 0.5...
WordPress plugin Facilita Form Tracker cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2024-10628
The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 8.8.0 Business, up to, and including, 21.8.0 Developer, and up to, and including, 31.8.0 Agency due to insufficient escaping on the user...
CVE-2024-9989
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'cryptoconnectajaxprocess::login' function in the 'cryptoconnectajaxprocess' function. This makes it possible for unauthenticated...
CVE-2024-33681
Cross-Site Request Forgery CSRF vulnerability in Sandor Kovacs Regenerate post permalink allows Cross-Site Scripting XSS. This issue affects Regenerate post permalink: from n/a through 1.0.3...
WordPress Paytm Payment Donation Plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Khang Duong Patchstack Alliance in WordPress Plugin Paytm Payment Donation versions <= 2.3.3...
WordPress CWD - Stealth Links plugin <= 1.3 - SQL Injection vulnerability
WordPress CWD - Stealth Links plugin <= 1.3 - SQL Injection vulnerability discovered by Jingle Bells in WordPress Plugin CWD – Stealth Links versions <= 1.3...
WordPress Links in Captions plugin <= 1.2 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting (XSS) vulnerability discovered by muhammad yudha in WordPress Plugin Links in Captions versions <= 1.2...
WordPress Dynamic URL SEO plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by thiennv Patchstack Alliance in WordPress Plugin Dynamic URL SEO versions <= 1.0...
WordPress Visitor Details plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Abdi Pranata in WordPress Plugin Visitor Details versions <= 1.0.1...
WordPress Yahoo BOSS Plugin <= 0.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Yahoo BOSS versions <= 0.7...