
15887 matches found

Positive Technologies
added 2025/11/04 12:00 a.m. | 3 views

PT-2025-44943

The Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save post data function in versions 2.0.7 to 2.2.6. This makes it possible for authenticated attackers, wit...

CVSS 4.3 | AI score 5.6 | EPSS 0.00163
Exploits 0 | References 3

CNNVD
added 2025/11/04 12:00 a.m. | 3 views

WordPress plugin Top Bar Notification cross-site request forgery vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in...

CVSS 6.1 | AI score 6.4 | EPSS 0.00123
Exploits 0 | References 3

CNNVD
added 2025/11/04 12:00 a.m. | 2 views

WordPress plugin Free Quotation cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...

CVSS 4.4 | AI score 5.8 | EPSS 0.00158
Exploits 0 | References 2

CNNVD
added 2025/11/04 12:00 a.m. | 2 views

WordPress plugin Footnotes Made Easy cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 7.2 | AI score 5.7 | EPSS 0.00243
Exploits 0 | References 2

RedhatCVE
added 2025/11/02 5:44 a.m. | 15 views

CVE-2025-11502

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'saswptinymultiplefaq' shortcode in all versions up to, and including, 1.51 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

CVSS 6.4 | AI score 5 | EPSS 0.00193
Exploits 0 | References 1

RedhatCVE
added 2025/11/02 2:55 a.m. | 16 views

CVE-2025-11920

The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

CVSS 8.8 | AI score 7.1 | EPSS 0.00484
Exploits 0 | References 1

EUVD
added 2025/11/01 9:30 a.m. | 9 views

EUVD-2025-37425

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the...

CVSS 4.9 | AI score 5.4 | EPSS 0.00394
Exploits 0 | References 10

NVD
added 2025/11/01 6:15 a.m. | 3 views

CVE-2025-11502

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'saswptinymultiplefaq' shortcode in all versions up to, and including, 1.51 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

CVSS 6.4 | EPSS 0.00193
Exploits 0 | References 3

NVD
added 2025/11/01 2:15 a.m. | 12 views

CVE-2025-11174

The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. This is due to the plugin exposing an unauthenticated AJAX action dllloadposts which returns a JSON table of document data without performing nonce or capability...

CVSS 5.3 | EPSS 0.00254
Exploits 2 | References 5

Vulnrichment
added 2025/10/31 11:42 a.m. | 3 views

CVE-2025-64360 WordPress Consulting Elementor Widgets plugin <= 1.4.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows PHP Local File Inclusion. This issue affects Consulting Elementor Widgets: from n/a through <= 1.4.2...

CVSS 7.5 | AI score 6.7 | EPSS 0.00319
Exploits 0 | References 1

CVE
added 2025/10/31 11:42 a.m. | 9 views

CVE-2025-64357

CVE-2025-64357 describes a Cross-Site Request Forgery (CSRF) in the WordPress plugin Advanced Database Cleaner up to version 3.1.6. Root cause: insufficient verification that requests originate from a trusted user, enabling actions on behalf of an authenticated user. Affected software: WordPress ...

CVSS 4.3 | AI score 6.5 | EPSS 0.00104
Exploits 0 | References 1

Patchstack
added 2025/10/31 3:16 a.m. | 6 views

WordPress User Extra Fields plugin <= 16.7 - Authenticated (Subscriber+) Arbitrary File Deletion via save_fields Function vulnerability

Authenticated (Subscriber+) Arbitrary File Deletion via save_fields Function vulnerability discovered by Tonn in WordPress Plugin User Extra Fields versions <= 16.7...

CVSS 8.8 | AI score 6.8 | EPSS 0.00585
Exploits 0 | References 1 | Affected Software 1

CNVD
added 2025/10/31 12:00 a.m. | 0 views

WordPress Plugin Atarim Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Atarim, which originates...

CVSS 7.5 | AI score 5.7 | EPSS 0.00279
Exploits 0 | References 1

Vulnrichment
added 2025/10/30 9:30 p.m. | 4 views

CVE-2025-34284 Nagios XI < 2024R2 Authenticated Command Injection via WinRM Plugin

Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful exploitatio...

CVSS 9.4 | AI score 7.5 | EPSS 0.04188
Exploits 0 | References 3

Patchstack
added 2025/10/30 9:02 a.m. | 4 views

WordPress Accessibility Toolkit by WebYes plugin <= 2.0.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Accessibility Toolkit by WebYes versions <= 2.0.4...

CVSS 4.3 | AI score 7 | EPSS 0.00177
Exploits 0 | Affected Software 1

Cvelist
added 2025/10/30 4:26 a.m. | 5 views

CVE-2025-12475 Blocksy Companion <= 2.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksynewslettersubscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

CVSS 6.4 | EPSS 0.00184
Exploits 0 | References 2

Patchstack
added 2025/10/30 4:10 a.m. | 4 views

WordPress Jannah - Extensions plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability

WordPress Jannah - Extensions plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Jannah - Extensions versions <= 1.1.4...

CVSS 6.5 | AI score 5.9 | EPSS 0.00151
Exploits 0 | Affected Software 1

Patchstack
added 2025/10/30 1:07 a.m. | 6 views

WordPress AppPresser plugin <= 4.5.0 - Missing Authorization to Unauthenticated Limited Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Limited Sensitive Information Exposure vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin AppPresser versions <= 4.5.0...

CVSS 5.3 | AI score 6.6 | EPSS 0.00277
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2025/10/30 12:00 a.m. | 2 views

PT-2025-44372

Name of the Vulnerable Software and Affected Versions: Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for WordPress versions prior to 1.48. Description: The software is susceptible to log file poisoning, allowing unauthenticated attackers to insert arbitrary content...

CVSS 6.5 | AI score 6.6 | EPSS 0.00315
Exploits 0 | References 7

CNNVD
added 2025/10/30 12:00 a.m. | 5 views

WordPress plugin Blocksy Companion cross-site scripting vulnerability

WordPress Blocksy Companion Plugin is an official plugin designed for WordPress theme Blocksy to enhance the theme functionality with advanced customization options and integration tools. WordPress Blocksy Companion Plugin suffers from a cross-site scripting vulnerability that stems from the...

CVSS 6.4 | AI score 5.9 | EPSS 0.00184
Exploits 0 | References 2