15887 matches found

Vulnrichment
added 2025/10/22 2:32 p.m. | 2 views

CVE-2025-49933 WordPress JetBlog plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetBlog jet-blog allows Reflected XSS. This issue affects JetBlog: from n/a through <= 2.4.4...

CVSS 6.5 | AI score 5.2 | EPSS 0.00203
Exploits: 0 | References: 1

CVE
added 2025/10/22 2:32 p.m. | 30 views

CVE-2025-49931

Summary: CVE-2025-49931 affects CrocoBlock JetSearch (JetSearch) WordPress plugin versions through 3.5.10. The flaw is an improper neutralization of special elements in SQL commands, enabling Blind SQL Injection. Affected component is the JetSearch PHP/SQL handling path (the credentialed root cau...

CVSS 9.3 | AI score 5.9 | EPSS 0.00388
Exploits: 0 | References: 1

CVE
added 2025/10/22 2:32 p.m. | 7 views

CVE-2025-49922

The CVE-2025-49922 entry concerns the WordPress WPeMatico RSS Feed Fetcher plugin (

CVSS 4.3 | AI score 6.6 | EPSS 0.00215
Exploits: 0 | References: 1

CVE
added 2025/10/22 2:32 p.m. | 8 views

CVE-2025-49921

CVE-2025-49921 describes a Local File Inclusion (LFI) in the WordPress JetReviews plugin ≤ 3.0.0 due to improper control of the filename in include/require statements, enabling potential local file exposure. The issue affects JetReviews versions up to 3.0.0. Remediation recommended: update JetRe...

CVSS 7.5 | AI score 5.9 | EPSS 0.00448
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/22 2:32 p.m. | 1 view

CVE-2025-49906 WordPress WPComplete plugin <= 2.9.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in StellarWP WPComplete wpcomplete allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPComplete: from n/a through <= 2.9.5.3...

CVSS 5.3 | AI score 6.6 | EPSS 0.00313
Exploits: 0 | References: 1

Cvelist
added 2025/10/22 2:32 p.m. | 8 views

CVE-2025-49377 WordPress Hydra Booking plugin <= 1.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hydra Booking: from n/a through <= 1.1.9...

CVSS 6.3 | EPSS 0.00222
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/22 2:32 p.m. | 2 views

CVE-2025-49377 WordPress Hydra Booking plugin <= 1.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hydra Booking: from n/a through <= 1.1.9...

CVSS 6.3 | AI score 6.6 | EPSS 0.00222
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/22 2:32 p.m. | 1 view

CVE-2025-49373 WordPress Evergreen Content Poster plugin <= 1.4.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster allows Cross Site Request Forgery. This issue affects Evergreen Content Poster: from n/a through <= 1.4.5...

CVSS 4.3 | AI score 6.5 | EPSS 0.00128
Exploits: 0 | References: 1

CVE
added 2025/10/22 2:32 p.m. | 9 views

CVE-2025-48091

CVE-2025-48091 affects WordPress AnyComment plugin up to version 0.3.6. Multiple connected sources (CNVD-2025-25836, RH:CVE-2025-48091, PT-2025-43154) attribute SQL Injection to improper neutralization of external SQL elements in AnyComment, enabling arbitrary SQL execution and potential data exp...

CVSS 8.5 | AI score 7.3 | EPSS 0.00386
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/22 2:32 p.m. | 1 view

CVE-2025-48091 WordPress AnyComment plugin <= 0.3.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Alexander AnyComment anycomment allows SQL Injection. This issue affects AnyComment: from n/a through <= 0.3.6...

CVSS 8.5 | AI score 7.3 | EPSS 0.00386
Exploits: 0 | References: 1

Cvelist
added 2025/10/22 2:32 p.m. | 8 views

CVE-2025-48092 WordPress Fix Multiple Redirects plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jurajpuchky Fix Multiple Redirects fix-multiple-redirects allows Reflected XSS. This issue affects Fix Multiple Redirects: from n/a through <= 1.2.3...

CVSS 7.1 | EPSS 0.00274
Exploits: 0 | References: 1

Cvelist
added 2025/10/22 2:32 p.m. | 7 views

CVE-2025-39534 WordPress Terms Dictionary Plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Somonator Terms Dictionary terms-dictionary allows Reflected XSS. This issue affects Terms Dictionary: from n/a through <= 1.5.1...

CVSS 7.1 | EPSS 0.00274
Exploits: 0 | References: 1

EUVD
added 2025/10/22 11:25 a.m. | 3 views

EUVD-2025-35359

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.7. This is due to the plugin not properly validating a user's role prior to registering a user via the Social Login addon. Th...

CVSS 8.1 | AI score 5.8 | EPSS 0.00367
Exploits: 0 | References: 4

NVD
added 2025/10/22 9:15 a.m. | 5 views

CVE-2025-11883

The Responsive Progress Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rprogress shortcode in versions less than, or equal to, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

CVSS 6.4 | EPSS 0.00211
Exploits: 0 | References: 3

Cvelist
added 2025/10/22 8:27 a.m. | 8 views

CVE-2025-11819 WP-Thumbnail <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP-Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'roboshot' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | EPSS 0.00211
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/22 8:27 a.m. | 3 views

CVE-2025-11809 WP-Force Images Download <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP-Force Images Download plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpfid' shortcode in all versions up to, and including, 1.8. This is due to insufficient input sanitization and output escaping on the 'class' attribute. This makes it possible for authenticated...

CVSS 6.4 | AI score 4.7 | EPSS 0.00213
Exploits: 0 | References: 2

CVE
added 2025/10/22 8:27 a.m. | 15 views

CVE-2025-11809

CVE-2025-11809 refers to the WP-Force Images Download plugin for WordPress (versions up to 1.8). The issue is a Stored XSS via the wpfid shortcode caused by insufficient input sanitization/output escaping on the class attribute. Exploitation requires an attacker with contributor+ privileges; the pay...

CVSS 6.4 | AI score 4.7 | EPSS 0.00213
Exploits: 0 | References: 3

CNNVD
added 2025/10/22 12:0 a.m. | 3 views

WordPress plugin Email Tracker SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL injection...

CVSS 4.9 | AI score 7.8 | EPSS 0.00334
Exploits: 0 | References: 3

CNNVD
added 2025/10/22 12:0 a.m. | 4 views

WordPress plugin WPeMatico RSS Feed Fetcher security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 4.3 | AI score 6.6 | EPSS 0.00215
Exploits: 0 | References: 1

CNNVD
added 2025/10/22 12:0 a.m. | 3 views

WordPress plugin JetReviews jet-reviews security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A security...

CVSS 7.5 | AI score 6.7 | EPSS 0.00448
Exploits: 0 | References: 1