208 matches found
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 4, 2026 to May 10, 2026)
Last week, there were 78 vulnerabilities disclosed in 62 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 59 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...
EUVD-2026-24688
The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwpajaxform AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwptheme option...
CLEANSTART-2026-UQ68343 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions
Multiple security vulnerabilities affect the kyverno-policy-reporter-kyverno-plugin-fips package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerabili...
EUVD-2024-47006
The Easy Image Collage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajaximagecollage function in all versions up to, and including, 1.13.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
WordPress plugin Simple Blog Card 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
RockyLinux 9 : containernetworking-plugins (RLSA-2026:3341)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3341 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in...
WordPress plugin Secure Copy Content Protection and Content Locking 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin WPO365 has code-related vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...
CVE-2023-4281
This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic...
CVE-2016-10762
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used...
CVE-2016-10897
The sermon-browser plugin before 0.45.16 for WordPress has multiple XSS issues...
CVE-2017-18565
The updater plugin before 1.35 for WordPress has multiple XSS issues...
CVE-2017-18608
The spotim-comments plugin before 4.0.4 for WordPress has multiple XSS issues...
CVE-2017-18586
The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths...
CVE-2017-18502
The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues...
CVE-2017-18492
The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues...
CVE-2017-18564
The sender plugin before 1.2.1 for WordPress has multiple XSS issues...
CVE-2024-2172
The Malware Scanner plugin and the Web Application Firewall plugin for WordPress both by MiniOrange are vulnerable to privilege escalation due to a missing capability check on the mowpnsinit function in all versions up to, and including, 4.7.2 for Malware Scanner and 2.1.1 for Web Application...
WordPress plugin VK All in One Expansion Unit 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
EUVD-2017-9609
Malware in sbrugna...