CVE-2026-2385

The CVE-2026-2385 entry concerns The Plus Addons for Elementor plugin for WordPress (WordPress ecosystem) with a vulnerability in all versions up to and including 6.4.7. Root cause: Insufficient verification of data authenticity due to the plugin decrypting and trusting attacker-controlled email_...

WordPress plugin Conditional CAPTCHA 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There are...

CVE-2026-21627

The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s comajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction...

WordPress plugin LearnPress Export Import – WordPress extension for LearnPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress Wholesale Suite plugin <= 2.2.6 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Teemu Saarentaus in WordPress Plugin Wholesale Suite versions = 2.2.6...

CVE-2026-24950 WordPress Authorsy plugin <= 1.0.6 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in themeplugs Authorsy authorsy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Authorsy: from n/a through = 1.0.6...

CVE-2026-24948

CVE-2026-24948 is a reflected XSS vulnerability in the WordPress plugin Reflector (fox-themes Reflector reflector-plugins) affecting versions up to and including 1.2.2. The issue arises from improper input neutralization during web page generation, enabling Reflected XSS. Public sources in connec...

CVE-2026-24953

CVE-2026-24953 is a path traversal vulnerability in WordPress plugin Simple File List (versions 6.1.15, or apply vendor-provided fixes as available.

CVE-2026-24944

Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe2: from n/a through = 10.44...

CVE-2026-22352 WordPress Persian Woocommerce SMS plugin <= 7.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS.This issue affects Persian Woocommerce SMS: from n/a through = 7.1.1...

CVE-2025-69398

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Plank plank allows PHP Local File Inclusion.This issue affects Plank: from n/a through = 1.7...

CVE-2025-69384 WordPress Timeline Event History plugin <= 3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdiscover Timeline Event History timeline-event-history allows Reflected XSS.This issue affects Timeline Event History: from n/a through = 3.2...

CVE-2025-69377

CVE-2025-69377 : WordPress WordPress User Extra Fields plugin (wp-user-extra-fields)

CVE-2025-69326 WordPress NEX-Forms plugin <= 9.1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...

CVE-2025-69309

CVE-2025-69309 affects WordPress plugin Saasplate Core (saasplate-core) up to and including version 1.2.8, due to improper neutralization of special elements in SQL queries, enabling Blind SQL Injection. Affected versions range from n/a through 1.2.8; Red Hat and CVE listings corroborate this sco...

CVE-2025-68862

CVE-2025-68862 is a path traversal vulnerability in the WordPress plugin Woo File Dropzone (woo-file-dropzone) affecting versions up to and including 1.1.7. The issue enables traversal outside the intended directory, with Red Hat and NVD entries describing it as an improper limitation of a pathna...

CVE-2025-68848 WordPress amr cron manager plugin <= 2.3 - Reflecte dCross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in anmari amr cron manager amr-cron-manager allows Reflected XSS.This issue affects amr cron manager: from n/a through = 2.3...

CVE-2025-68845

CVE-2025-68845 corresponds to a Reflected XSS in the WordPress plugin “eDS Responsive Menu” (eds-responsive-menu) by aThemeArt Translations. The vulnerability stems from improper input neutralization during web page generation, allowing reflected cross-site scripting. Affected range: eds-responsi...

CVE-2025-68846 WordPress Asynchronous Javascript plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue affects Asynchronous Javascript: from n/a through = 1.3.5...

CVE-2025-68843 WordPress FeedWordPress Advanced Filters plugin <= 0.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bas Schuiling FeedWordPress Advanced Filters faf allows Reflected XSS.This issue affects FeedWordPress Advanced Filters: from n/a through = 0.6.2...