
15885 matches found

CNNVD
added 2026/01/14 12:0 a.m., 4 views

WordPress plugin GetContentFromURL code issue vulnerability

The WordPress GetContentFromURL plugin is a tool that allows users to grab content from other websites and display it on WordPress sites with a simple short code. The WordPress GetContentFromURL plugin suffers from a server-side request forgery vulnerability that stems from the use of the...

CVSS 7.2 | AI score 5.8 | EPSS 0.00302
Exploits 0 | References 3

CNNVD
added 2026/01/14 12:0 a.m., 2 views

WordPress plugin Stopwords for comments cross-site request forgery vulnerability

The WordPress Stopwords for comments plugin is a pre-screening tool designed to help webmasters filter out user comments that contain certain banned words, i.e. "stopwords". The WordPress Stopwords for comments plugin suffers from a cross-site request forgery vulnerability that stems fro...

CVSS 4.3 | AI score 5.7 | EPSS 0.00102
Exploits 0 | References 3

CNNVD
added 2026/01/14 12:0 a.m., 6 views

WordPress plugin Electric Studio Download Counter cross-site scripting vulnerability

WordPress Electric Studio Download Counter plugin is a plugin for WordPress websites whose main function is to count and track the number of file downloads. The WordPress Electric Studio Download Counter plugin suffers from a cross-site scripting vulnerability that stems from the application's la...

CVSS 4.4 | AI score 5.9 | EPSS 0.00207
Exploits 0 | References 6

CNNVD
added 2026/01/14 12:0 a.m., 7 views

WordPress plugin SocialChamp with WordPress cross-site request forgery vulnerability

WordPress SocialChamp with WordPress plugin is a plugin called SocialChamp which focuses on social media automation management. WordPress SocialChamp with WordPress plugin suffers from a cross-site request forgery vulnerability that stems from a lack of random number validation in the...

CVSS 4.3 | AI score 5.7 | EPSS 0.00124
Exploits 0 | References 3

Positive Technologies
added 2026/01/14 12:0 a.m., 11 views

PT-2026-2820

The Gotham Block Extra Light plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.5.0 via the 'ghostban' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on...

CVSS 6.5 | AI score 5.9 | EPSS 0.00307
Exploits 0 | References 3

Patchstack
added 2026/01/13 11:6 p.m., 8 views

WordPress Electric Studio Download Counter plugin <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability discovered by 0x34rth in WordPress Plugin Electric Studio Download Counter versions <= 2.4...

CVSS 4.4 | AI score 5.8 | EPSS 0.00207
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/01/13 10:28 p.m., 5 views

WordPress Makesweat plugin <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'makesweat_clubid' Setting vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting via 'makesweat_clubid' Setting vulnerability discovered by ChamlaVic in WordPress Plugin Makesweat versions <= 0.1...

CVSS 4.4 | AI score 5.8 | EPSS 0.00211
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2026/01/13 8:49 p.m., 2 views

WordPress Bayarcash WooCommerce plugin <= 4.3.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan in WordPress Plugin Bayarcash WooCommerce versions <= 4.3.13...

CVSS 5.3 | AI score 5.4 | EPSS 0.00295
Exploits 0 | Affected Software 1

Patchstack
added 2026/01/13 1:32 p.m., 6 views

WordPress WPLMS plugin <= 1.9.9.5.4 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WPLMS versions <= 1.9.9.5.4...

CVSS 8.1 | AI score 7 | EPSS 0.00479
Exploits 0 | Affected Software 1

Cvelist
added 2026/01/12 6:0 a.m., 24 views

CVE-2025-14579 Quiz Maker < 6.7.0.89 - Admin+ Stored XSS

The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

EPSS 0.00185
Exploits 0 | References 1

CNNVD
added 2026/01/12 12:0 a.m., 5 views

WordPress plugin Quiz Maker security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 4.8 | AI score 5.8 | EPSS 0.00185
Exploits 0 | References 2

Patchstack
added 2026/01/10 2:48 p.m., 5 views

WordPress Neoforum plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Mrreee in WordPress Plugin Neoforum versions <= 1.0...

CVSS 6.5 | AI score 5.3 | EPSS 0.00146
Exploits 0 | Affected Software 1

Patchstack
added 2026/01/10 8:58 a.m., 6 views

WordPress Merge + Minify + Refresh plugin <= 2.14 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Mrreee in WordPress Plugin Merge + Minify + Refresh versions <= 2.14...

CVSS 5.4 | AI score 5.4 | EPSS 0.00097
Exploits 0 | Affected Software 1

NVD
added 2026/01/10 7:16 a.m., 13 views

CVE-2025-14948

The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enablewcsmsnotification AJAX action in all versions up to, and including, 4.3.8. This makes it possible for...

CVSS 5.3 | EPSS 0.00227
Exploits 0 | References 3

RedhatCVE
added 2026/01/10 5:41 a.m., 3 views

CVE-2025-67935

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion. This issue affects Optimize: from n/a through 2.4...

CVSS 8.1 | AI score 5.9 | EPSS 0.00434
Exploits 0 | References 1

Positive Technologies
added 2026/01/10 12:0 a.m., 5 views

PT-2026-1745

Name of the Vulnerable Software and Affected Versions: Countdown Timer – Widget Countdown plugin for WordPress versions prior to 2.7.8. Description: The plugin is susceptible to Stored Cross-Site Scripting through the 'wpdevart countdown' shortcode due to inadequate input sanitization and output...

CVSS 6.4 | AI score 5.8 | EPSS 0.00192
Exploits 0 | References 10

CNNVD
added 2026/01/10 12:0 a.m., 5 views

WordPress plugin Featured Image from URL code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

CVSS 4.3 | AI score 6.8 | EPSS 0.00221
Exploits 0 | References 5

Patchstack
added 2026/01/09 2:36 p.m., 5 views

WordPress Stylish Cost Calculator plugin <= 8.1.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by zaim in WordPress Plugin Stylish Cost Calculator versions <= 8.1.9...

CVSS 6.5 | AI score 5.9 | EPSS 0.0013
Exploits 0 | Affected Software 1

RedhatCVE
added 2026/01/09 12:36 p.m., 6 views

CVE-2023-49654

Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system...

CVSS 9.8 | AI score 6.7 | EPSS 0.00789
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 12:33 p.m., 10 views

CVE-2023-31087

Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Manager plugin = 2.0.0 versions...

CVSS 8.8 | AI score 8.5 | EPSS 0.00315
Exploits 0 | References 1