PT-2025-49341

The Accessiy By CodeConfig Accessibility plugin for WordPress is vulnerable to unauthorized page creation due to missing authorization checks in versions up to, and including, 1.0.0. This is due to the plugin not performing capability checks in the Settings::createPage function. This makes it...

PT-2025-49340

The Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly Matters plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.0. This is due to the plugin not properly verifying that a user is authorized to perform an action...

PT-2025-49325

Name of the Vulnerable Software and Affected Versions Widgets for Google Reviews versions prior to 13.2.5 Description The Widgets for Google Reviews plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping when handling Google...

WordPress Add Custom Codes plugin <= 4.80 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Certus Cybersecurity in WordPress Plugin Add Custom Codes versions = 4.80...

WordPress Jabbernotification plugin <= 0.99-RC2 - Reflected Cross-Site Scripting via admin.php PATH_INFO vulnerability

Reflected Cross-Site Scripting via admin.php PATHINFO vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Jabbernotification versions = 0.99-RC2...

WordPress Time Sheets plugin <= 2.1.3 - Use of Known Vulnerable Component vulnerability

Use of Known Vulnerable Component vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Time Sheets versions = 2.1.3...

CVE-2025-13528

CVE-2025-13528 concerns the WordPress plugin Feedback Modal for Website (WordPress plugin). The vulnerability is an unauthenticated data export exposure via the export_data parameter caused by a missing capability check on the handle_export function in all versions up to and including 1.0.1. Mult...

CVE-2025-12417

The SurveyFunnel – Survey Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'surveyfunnellitesurvey' shortcode in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

WordPress plugin Wp Social Login and Register Social Counter 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security vulnerability...

WordPress plugin SurveyFunnel – Survey Plugin for WordPress 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...

WordPress plugin SurveyFunnel – Survey Plugin for WordPress 信息泄露漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in SurveyFunnel - Survey Plugin for WordPress...

WordPress plugin dream gallery 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

WordPress plugin Cool Tag Cloud 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-49208

The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the imagopby ajax optimize gallery function. This makes it possible for unauthenticated attackers to...

PT-2025-49232

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the ark rp options page function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via ...

WordPress Image Cleanup plugin <= 1.9.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin Image Cleanup versions = 1.9.2...

WordPress Modula plugin 2.13.1-2.13.2 - Authenticated (Author+) Arbitrary File Deletion vulnerability

Authenticated Author+ Arbitrary File Deletion vulnerability discovered by ISMAILSHADOW in WordPress Plugin Modula Image Gallery versions 2.13.1-2.13.2...

WordPress SureMail – SMTP and Email Logs plugin with Amazon SES, Postmark, and Other Providers plugin <= 1.9.0 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by type5afe in WordPress Plugin SureMail versions = 1.9.0...

WordPress plugin Everest Backup 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-48795

Advanced Custom Fields: Extended and Affected Versions Advanced Custom Fields: Extended versions 0.9.0.5 through 0.9.1.1 Description The Advanced Custom Fields: Extended plugin for WordPress has a flaw that allows for Remote Code Execution RCE. This is due to the prepare form function accepting...