WordPress OPSI Israel Domestic Shipments plugin <= 2.8.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin OPSI Israel Domestic Shipments versions = 2.8.2...

WordPress FWD Slider plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin FWD Slider versions = 1.0...

WordPress Htaccess File Editor <= 1.0.19 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin Htaccess File Editor versions = 1.0.19...

WordPress W3 Total Cache plugin <= 2.8.1 Information Exposure via Log Files vulnerability

WordPress W3 Total Cache plugin = 2.8.1 Information Exposure via Log Files vulnerability discovered by villu164 in WordPress Plugin W3 Total Cache versions = 2.8.1...

WordPress SKT Page Builder plugin <= 4.6 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by WordFence in WordPress Plugin SKT Page Builder versions = 4.7...

CVE-2025-22556

CVE-2025-22556 is a Cross-Site Request Forgery (CSRF) vulnerability in the Norse Rune Oracle Plugin for WordPress. Affected is the Norse Rune Oracle Plugin 1.4.1 and earlier (the description lists vulnerability impact as affecting the plugin from n/a through 1.4.1). The CVSS metrics provided by P...

WordPress JoomSport plugin <= 5.6.17 - Reflected Cross-Site Scripting via page vulnerability

Reflected Cross-Site Scripting via page vulnerability discovered by Colin Xu in WordPress Plugin JoomSport versions = 5.6.17...

CVE-2024-12157

CVE-2024-12157 details (WordPress Plugin: Popup – MailChimp, GetResponse and ActiveCampaign Intergrations) Affected product: Popup – MailChimp, GetResponse and ActiveCampaign Intergrations (WordPress plugin) Vulnerability: SQL Injection via the id parameter of the upc_delete_db_record AJAX action...

WordPress plugin Coupon Plugin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Kikx Simple Post Author Filter plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Kikx Simple Post Author Filter versions = 1.0...

CVE-2024-56302

CVE-2024-56302 is a Stored XSS in ConvertCalculator for WordPress (Authenticated-Only) affecting version ≤ 1.1.1. The root cause is improper input neutralization during web page generation. Exposure could permit stored script execution in pages generated by the plugin. The CVE entry is corroborat...

CVE-2024-37540

CVE-2024-37540 is a CSRF vulnerability in the WordPress plugin Leaky Paywall (versions n/a–4.21.2). The vulnerability is described as a Cross-Site Request Forgery issue affecting Leaky Paywall, with a CVSS 3.1 base score of 4.3 (Medium). Public references in the provided documents consistently ci...

CVE-2024-49694

Missing Authorization vulnerability in imw3 My Wp Brand my-wp-brand.This issue affects My Wp Brand: from n/a through = 1.1.2...

CVE-2024-56256

CVE-2024-56256 corresponds to a stored Cross-Site Scripting (XSS) flaw in the WordPress Embed PDF Viewer plugin (

CVE-2024-56212 WordPress UserPro plugin <= 5.1.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in DeluxeThemes Userpro.This issue affects Userpro: from n/a through 5.1.9...

WordPress plugin gap-hub-user-role 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

WordPress WPLegalPages plugin <= 3.2.7 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Lucio Sá in WordPress Plugin WPLegalPages versions = 3.2.7...

WordPress WP Travel Engine plugin <= 1.3.7 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by Webbernaut in WordPress Plugin WP Travel Engine versions = 1.3.7...

WordPress NinjaTeam Chat for Telegram plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin NinjaTeam Chat for Telegram versions = 1.0...

WordPress CodeBard Help Desk plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by hunter85 Patchstack Alliance in WordPress Plugin CodeBard Help Desk versions = 1.1.1...