15850 matches found
WordPress plugin Easy Form Builder has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
WordPress plugin Stock Manager for WooCommerce has security vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress plugin “Photo Gallery” by 10Web – Mobile-Friendly Image Gallery security vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin WPMasterToolKit has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Real Homes CRM code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2021-47746
NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by...
EUVD-2026-3644
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery CSRF vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...
CVE-2025-15043
The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'startmigration', 'cancelmigration', and 'revertmigration' functions in all versions up to, and including, 6.15.13. This makes it possible for authenticated attackers, with...
CVE-2026-0608
The Head Meta Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'head-meta-data' post meta field in all versions up to, and including, 20251118 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Tutor LMS - eLearning and online course solution plugin <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment Deletion vulnerability
WordPress Tutor LMS - eLearning and online course solution plugin = 3.9.4 - Missing Authorization to Authenticated Subscriber+ Limited Attachment Deletion vulnerability discovered by type5afe in WordPress Plugin Tutor LMS versions = 3.9.4...
CVE-2025-15043
The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'startmigration', 'cancelmigration', and 'revertmigration' functions in all versions up to, and including, 6.15.13. This makes it possible for authenticated attackers, with...
CVE-2025-15380 NotificationX <= 3.2.0 - Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview'
The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all versions up to, and including, 3.2.0. Thi...
CVE-2025-15043
The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'startmigration', 'cancelmigration', and 'revertmigration' functions in all versions up to, and including, 6.15.13. This makes it possible for authenticated attackers, with...
WordPress Simple Membership WP user Import plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Simple Membership WP user Import versions = 1.9.1...
CVE-2026-1042
The WP Hello Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'digitone' and 'digittwo' parameters in all versions up to, and including, 1.02 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14977
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.2.4 via the /wp-json/dokan/v1/settings REST API endpoint due to missing validation on a...
CVE-2025-14351 Custom Fonts – Host Your Fonts Locally <= 2.1.16 - Missing Authorization to Unauthenticated Font Deletion
The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'BCFGoogleFontsCompatibility' class constructor function in all versions up to, and including, 2.1.16. This makes it possible for unauthenticated...
PT-2026-3578
Name of the Vulnerable Software and Affected Versions Nexter Extension – Site Enhancements Toolkit plugin for WordPress versions through 4.4.6 Description The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is susceptible to PHP Object Injection due to deserialization of untrust...
MiracleLinux 9 : mysql-8.0.41-2.el9_5.ML.1 (AXSA:2025-9701:03)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9701:03 advisory. openssl: SSLselectnextproto buffer overread CVE-2024-5535 krb5: GSS message token handling CVE-2024-37371 curl: libcurl: ASN.1 date parser overread...
WordPress Tutor LMS BunnyNet Integration plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Tutor LMS BunnyNet Integration versions = 1.0.0...