15887 matches found

Cvelist
added 2025/11/06 3:56 p.m., 8 views

CVE-2025-62950 WordPress Contest Gallery plugin <= 28.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery. This issue affects Contest Gallery: from n/a through <= 28.0.0...

CVSS 4.3, EPSS 0.00101
Exploits: 0, References: 1
CVE
added 2025/11/06 3:55 p.m., 14 views

CVE-2025-62047

CVE-2025-62047 concerns WordPress Case Addons (< 1.3.0) where an Unrestricted Upload of File with Dangerous Type exists in the Case Addons plugin. The CNVD/Red Hat/NVD entries confirm the issue affects Case Addons and describe a path to remote code execution via arbitrary file uploads. The Wor...

CVSS 9.9, AI score 6.6, EPSS 0.00374
Exploits: 0, References: 1
Cvelist
added 2025/11/06 3:55 p.m., 5 views

CVE-2025-62040 WordPress YOP Poll plugin <= 6.5.37 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YOP YOP Poll yop-poll. This issue affects YOP Poll: from n/a through <= 6.5.37...

CVSS 7.1, EPSS 0.00244
Exploits: 0, References: 1
Vulnrichment
added 2025/11/06 3:55 p.m., 4 views

CVE-2025-60245 WordPress WP User Manager plugin <= 2.9.12 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection. This issue affects WP User Manager: from n/a through <= 2.9.12...

CVSS 9.8, AI score 6.6, EPSS 0.00425
Exploits: 0, References: 1
CVE
added 2025/11/06 3:55 p.m., 11 views

CVE-2025-60242

CVE-2025-60242 affects WordPress Plugin Download Counter (versions

CVSS 7.5, AI score 6.5, EPSS 0.00396
Exploits: 0, References: 1
CVE
added 2025/11/06 3:54 p.m., 10 views

CVE-2025-60200

The CVE-2025-60200 entry is a concrete local file inclusion issue in the WordPress plugin LearnPress Export Import (versions ≤ 4.0.9 per multiple sources). Affected component: the plugin’s PHP include/require handling allowing an attacker-controlled filename to be included remotely, enabling PHP ...

CVSS 7.5, AI score 5.9, EPSS 0.0037
Exploits: 0, References: 1
Cvelist
added 2025/11/06 3:54 p.m., 6 views

CVE-2025-60189 WordPress PoloPag – Pix Automático para Woocommerce plugin <= 2.0.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in PoloPag PoloPag – Pix Automático para Woocommerce wc-polo-payments allows PHP Local File Inclusion. This issue affects PoloPag – Pix Automático para Woocommerce: from n/a through ...

CVSS 7.5, EPSS 0.0037
Exploits: 0, References: 1
CVE
added 2025/11/06 3:54 p.m., 21 views

CVE-2025-60188

CVE-2025-60188 affects the WordPress Atarim visual-collaboration plugin (Atarim <= 4.2.x). The vulnerability is an insertion of sensitive information into sent data caused by improper handling of embedded sensitive data, enabling retrieval of embedded sensitive data remotely. Impact is informa...

CVSS 7.5, AI score 5.9, EPSS 0.01226
Exploits: 1, References: 1
Cvelist
added 2025/11/06 3:54 p.m., 6 views

CVE-2025-58996 WordPress Advanced Settings Plugin <= 3.1.1 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Helmut Wandl Advanced Settings advanced-settings allows Upload a Web Shell to a Web Server. This issue affects Advanced Settings: from n/a through <= 3.1.1...

CVSS 9.1, EPSS 0.00379
Exploits: 0, References: 1
CVE
added 2025/11/06 3:54 p.m., 9 views

CVE-2025-58627

The CVE-2025-58627 issue affects WordPress Miraculous Core Plugin (miraculouscore) versions before 2.0.9. It is an Insecure Direct Object References (IDOR) vulnerability caused by a user-controllable key that enables an authorization bypass due to misconfigured access control. Affects Miraculous ...

CVSS 9.8, AI score 6.6, EPSS 0.00373
Exploits: 0, References: 1
EUVD
added 2025/11/06 3:54 p.m., 2 views

EUVD-2025-38142

Authorization Bypass Through User-Controlled Key vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Miraculous Core Plugin: from n/a through 2.0.9...

AI score 6.5, EPSS 0.00373
Exploits: 0, References: 2
Cvelist
added 2025/11/06 3:54 p.m., 8 views

CVE-2025-53316 WordPress WP GDPR Cookie Consent plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel WP GDPR Cookie Consent wp-gdpr-cookie-consent allows Stored XSS. This issue affects WP GDPR Cookie Consent: from n/a through <= 1.0.0...

CVSS 7.1, EPSS 0.00103
Exploits: 0, References: 1
CVE
added 2025/11/06 3:53 p.m., 7 views

CVE-2025-53246

CVE-2025-53246: WordPress Plugin Backup and Move

CVSS 6.5, AI score 6.6, EPSS 0.00263
Exploits: 0, References: 1
CVE
added 2025/11/06 3:53 p.m., 12 views

CVE-2025-52773

CVE-2025-52773 affects the WordPress plugin HieCOR Payment Gateway Plugin (hcv4-payment-gateway)

CVSS 9.3, AI score 7.2, EPSS 0.003
Exploits: 0, References: 1
Vulnrichment
added 2025/11/06 3:53 p.m., 1 views

CVE-2025-49909 WordPress Penci Bookmark & Follow plugin < 2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Bookmark & Follow penci-bookmark-follow allows Reflected XSS. This issue affects Penci Bookmark & Follow: from n/a through 2.4...

CVSS 7.1, AI score 5.9, EPSS 0.00186
Exploits: 0, References: 1
Cvelist
added 2025/11/06 3:53 p.m., 10 views

CVE-2025-49390 WordPress Cookie Notice & Consent plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in christophrado Cookie Notice & Consent cookie-notice-consent allows Stored XSS. This issue affects Cookie Notice & Consent: from n/a through <= 1.6.4...

CVSS 7.1, EPSS 0.00191
Exploits: 0, References: 1
Cvelist
added 2025/11/06 3:53 p.m., 6 views

CVE-2025-49372 WordPress HAPPY plugin <= 1.0.7 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion. This issue affects HAPPY: from n/a through <= 1.0.7...

CVSS 10, EPSS 0.00399
Exploits: 0, References: 1
CVE
added 2025/11/06 3:53 p.m., 13 views

CVE-2025-48083

CVE-2025-48083 affects the WordPress plugin wpNamedUsers (versions <= 0.5). The issue is a Cross-Site Request Forgery (CSRF) vulnerability that leads to Stored XSS. Base metrics show CVSS 3.1, with a high impact: confidentiality, integrity, and availability all rated High/H. The vulnerability ...

CVSS 7.1, AI score 6.3, EPSS 0.00103
Exploits: 0, References: 1
Cvelist
added 2025/11/06 3:53 p.m., 12 views

CVE-2025-48083 WordPress wpNamedUsers plugin <= 0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in andriassundskard wpNamedUsers wpnamedusers allows Stored XSS. This issue affects wpNamedUsers: from n/a through <= 0.5...

CVSS 7.1, EPSS 0.00103
Exploits: 0, References: 1
Cvelist
added 2025/11/06 3:53 p.m., 8 views

CVE-2025-31029 WordPress replyMail plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bingu replyMail replymail allows Stored XSS. This issue affects replyMail: from n/a through <= 1.2.0...

CVSS 7.1, EPSS 0.00191
Exploits: 0, References: 1