
15850 matches found

RedhatCVE
added 2026/01/09 9:25 a.m. | 8 views

CVE-2023-4024

The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deleteplayer function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances...

CVSS 5.3 | AI score 6.7 | EPSS 0.00411
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:25 a.m. | 3 views

CVE-2023-4689

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveelements function. This makes it possible for unauthenticated attackers to enable/disable...

CVSS 5.4 | AI score 5.2 | EPSS 0.00298
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:25 a.m. | 7 views

CVE-2023-4962

The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'videopopup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4 | AI score 5.8 | EPSS 0.0044
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:16 a.m. | 3 views

CVE-2025-14352

The Awesome Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to incorrect authorization in the room-single.php shortcode handler in all versions up to, and including, 1.0.3. This is due to the plugin relying solely on nonce verification without capability...

CVSS 5.3 | AI score 6 | EPSS 0.00236
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:1 a.m. | 2 views

CVE-2023-25453

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ian Sadovy WordPress Tables plugin <= 1.3.9 versions...

CVSS 7.1 | AI score 5.8 | EPSS 0.00458
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 8:57 a.m. | 12 views

CVE-2023-31218

Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6 versions...

CVSS 7.1 | AI score 6 | EPSS 0.00211
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 8:57 a.m. | 7 views

CVE-2023-4402

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getproducts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugi...

CVSS 9.8 | AI score 7.5 | EPSS 0.0134
Exploits: 3 | References: 1
RedhatCVE
added 2026/01/09 8:47 a.m. | 4 views

CVE-2025-23699

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in techmix Event Countdown Timer Plugin by TechMix event-countdown-timer allows Reflected XSS. This issue affects Event Countdown Timer Plugin by TechMix: from n/a through <= 1.4...

CVSS 7.1 | AI score 7.2 | EPSS 0.00305
Exploits: 0 | References: 1
CNNVD
added 2026/01/09 12:0 a.m. | 4 views

WordPress plugin weDocs information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. An information...

CVSS 5.3 | AI score 5.9 | EPSS 0.00318
Exploits: 0 | References: 3
Positive Technologies
added 2026/01/09 12:0 a.m. | 3 views

PT-2026-1961

Name of the Vulnerable Software and Affected Versions: WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress versions through 1.1.8. Description: The software is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping...

CVSS 6.4 | AI score 5.5 | EPSS 0.00199
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/09 12:0 a.m. | 9 views

PT-2026-1709

Name of the Vulnerable Software and Affected Versions: Contact Form vCard Generator versions up to and including 2.4. Description: The Contact Form vCard Generator plugin for WordPress has a flaw where a missing capability check on the wp gvccf check download request function allows unauthorized...

CVSS 5.3 | AI score 5.8 | EPSS 0.00321
Exploits: 0 | References: 10
CNNVD
added 2026/01/09 12:0 a.m. | 3 views

WordPress plugin IndieWeb cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4 | AI score 6.2 | EPSS 0.00205
Exploits: 2 | References: 2
CNNVD
added 2026/01/09 12:0 a.m. | 4 views

WordPress plugin Entry Views cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4 | AI score 5.8 | EPSS 0.00192
Exploits: 0 | References: 4
Patchstack
added 2026/01/08 10:31 p.m. | 3 views

WordPress Clearfy plugin <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering vulnerability

Cross-Site Request Forgery to Update Notification Tampering vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Clearfy Cache versions <= 2.4.0...

CVSS 4.3 | AI score 6.9 | EPSS 0.00124
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2026/01/08 5:15 p.m. | 4 views

CVE-2026-22486

Missing Authorization vulnerability in Re Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Re Gallery: from n/a through 1.18.9...

CVSS 5.3 | EPSS 0.00269
Exploits: 0 | References: 1
Cvelist
added 2026/01/08 4:17 p.m. | 23 views

CVE-2026-22522 WordPress Block Slider plugin <= 2.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Munir Kamal Block Slider block-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Block Slider: from n/a through <= 2.2.3...

CVSS 6.5 | EPSS 0.00269
Exploits: 0 | References: 1
Patchstack
added 2026/01/08 1:16 p.m. | 5 views

WordPress Image&Video FullScreen Background plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Image&Video FullScreen Background versions <= 1.6.7...

CVSS 6.1 | AI score 6.1 | EPSS 0.00263
Exploits: 0 | Affected Software: 1
CVE
added 2026/01/08 9:17 a.m. | 7 views

CVE-2025-68892

CVE-2025-68892 — Reflected XSS in the WordPress plugin Scroll rss excerpt (vulnerable through version

CVSS 7.1 | AI score 6 | EPSS 0.00149
Exploits: 0 | References: 1
Cvelist
added 2026/01/08 9:17 a.m. | 24 views

CVE-2025-68874 WordPress Visitor Stats Widget plugin <= 1.5.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shahjada Visitor Stats Widget visitor-stats-widget allows Reflected XSS. This issue affects Visitor Stats Widget: from n/a through <= 1.5.0...

CVSS 7.1 | EPSS 0.00149
Exploits: 0 | References: 1
Cvelist
added 2026/01/08 9:17 a.m. | 29 views

CVE-2025-67927 WordPress Link Whisper Free plugin <= 0.8.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS. This issue affects Link Whisper Free: from n/a through <= 0.8.8...

CVSS 7.1 | EPSS 0.0018
Exploits: 0 | References: 1