CVE-2025-59137 WordPress Behance Portfolio Manager plugin <= 1.7.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through = 1.7.5...

WordPress GDPR Cookie Compliance plugin < 4.15.9 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.9...

WordPress plugin Robots.Txt rewrite 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

WordPress GravityForms plugin 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'style_settings' parameter vulnerability

WordPress GravityForms plugin 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'stylesettings' parameter vulnerability discovered by mikemyers in WordPress Plugin Gravity Forms versions 2.9.0.1-2.9.1.3...

WordPress Contact Form 7 Redirect & Thank You Page plugin <= 1.0.7 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Contact Form 7 Redirect & Thank You Page versions = 1.0.7...

WordPress Eventin plugin <= 4.0.37 - Unauthenticated Server-Side Request Forgery vulnerability

Unauthenticated Server-Side Request Forgery vulnerability discovered by Gai Tanaka 63n0 in WordPress Plugin Eventin versions = 4.0.37...

WordPress plugin FormFacade 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...

WordPress plugin WP Post Signature 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Varnish/Nginx Proxy Caching 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress Jetpack Boost plugin < 3.4.7 - Admin+ SSRF vulnerability

Admin+ SSRF vulnerability discovered by Miguel Xavier Penha Neto in WordPress Plugin Jetpack Boost versions 3.4.7...

WordPress Top Comments plugin <= 1.0 - Admin+ Stored Cross-Site Scripting vulnerability

Admin+ Stored Cross-Site Scripting vulnerability discovered by Steven Pereira aka Cursed, Anjali Kumari aka HexJello & Muktanand Kale aka Muktimantras in WordPress Plugin Top Comments versions = 1.0...

WordPress Ads Pro plugin <= 4.95 - Unauthenticated SQL Injection via site_id vulnerability

Unauthenticated SQL Injection via siteid vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions = 4.95...

WordPress Auto Thickbox plugin <= 3.5 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Auto Thickbox versions = 3.5...

WordPress Likes and Dislikes Plugin plugin <= 1.0.0 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Likes and Dislikes versions = 1.0.0...

WordPress Kona Gallery Block plugin <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Nishiv - Developer in WordPress Plugin Kona Gallery Block versions = 1.7...

WordPress Marketplace Items plugin <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marketplace' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'marketplace' Shortcode vulnerability discovered by zakaria in WordPress Plugin Marketplace Items versions = 1.5.5...

WordPress Profiler - What Slowing Down Your WP plugin <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration vulnerability

WordPress Profiler - What Slowing Down Your WP plugin = 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration vulnerability discovered by ch4r0n - FPT Software in WordPress Plugin Profiler - What Slowing Down Your WP versions = 1.0.0...

WordPress plugin WordPress Tooltips 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripti...

WordPress plugin Minamaze 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

WordPress plugin Custom Background Changer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...