WordPress plugin H5P 安全漏洞

WordPress H5P plugin is an open source plugin that allows users to create, manage and embed interactive multimedia content in WordPress websites. A lack of authorization vulnerability exists in WordPress H5P plugin, which can be exploited by an attacker to cause the exploitation of misconfigured...

WordPress plugin Vimeotheque 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Vimeotheque suffers from a cross-site request forgery vulnerability for which no detailed vulnerability details are currently available...

WordPress plugin YouTube Embed 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

CVE-2025-68559

TheGem Theme Elements (for Elementor) WordPress plugin is vulnerable to Cross‑Site Scripting (XSS) due to improper input neutralization during web page generation. Affected versions are up to 5.10.5.1. Risk is mitigated by upgrading to a version later than 5.10.5.1, per multiple sources describin...

CVE-2025-14155 Premium Addons for Elementor <= 4.11.53 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'get_template_content'

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gettemplatecontent' function in all versions up to, and including, 4.11.53. This makes it possible for...

WordPress plugin WPBulky SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress...

WordPress plugin VPSUForm 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress plugin Chakra test 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A lack of authorization vulnerability exists in the WordPress Chakra test plugin, which can be exploited by an attacker to cause the exploitation of a misconfigured access contr...

WordPress Tablesome plugin <= 1.1.35.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin Tablesome versions = 1.1.35.1...

WordPress FV Simpler SEO plugin <= 1.9.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin FV Simpler SEO versions = 1.9.6...

CVE-2025-62880 WordPress Custom 404 Pro plugin <= 3.12.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Kunal Custom 404 Pro custom-404-pro allows Cross Site Request Forgery.This issue affects Custom 404 Pro: from n/a through = 3.12.0...

CVE-2025-11496

The Five Star Restaurant Reservations – WordPress Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rtb-name' parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2023-47232

Vulnerability in mojofywp WP Affiliate Disclosure wp-affiliate-disclosure.This issue affects WP Affiliate Disclosure: from n/a through 1.2.6...

WordPress FileBird Pro plugin missing authorization vulnerability

WordPress FileBird Pro plugin is a media library management plugin for WordPress websites designed to help users organize and manipulate media files more efficiently. A missing authorization vulnerability exists in WordPress FileBird Pro plugin, which can be exploited by an attacker to leverage a...

WordPress Grider for Elementor plugin missing license vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A lack of authorization vulnerability exists in the WordPress Grider for Elementor plugin, which can be exploited by an attacker to leverage an incorrectly configured access...

CVE-2025-14855

The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

WordPress plugin WC Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

WordPress Editorial Calendar plugin <= 3.8.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Editorial Calendar versions = 3.8.8...

CVE-2025-13307

The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under user-controlled conditions that Editors and Administrators can set editpages capability. The conditions are then executed as part of an eval...

CVE-2025-12581

CVE-2025-12581 affects the WordPress plugin Attachments Handler (versions up to 1.1.7). The vulnerability is a Reflected Cross-Site Scripting (XSS) via URL stemming from insufficient input sanitization/output escaping. It allows unauthenticated attackers to inject arbitrary scripts into pages tha...