WordPress Canadian Nutrition Facts Label plugin <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Nutrition Label Custom Post Type vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Nutrition Label Custom Post Type vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Canadian Nutrition Facts Label versions = 3.0...

WordPress WP Landing Page plugin <= 0.9.3 - Cross-Site Request Forgery to Arbitrary Post Meta Update vulnerability

Cross-Site Request Forgery to Arbitrary Post Meta Update vulnerability discovered by Ivan Cese in WordPress Plugin WP Landing Page versions = 0.9.3...

WordPress plugin Ultra Skype Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-49325

Name of the Vulnerable Software and Affected Versions Widgets for Google Reviews versions prior to 13.2.5 Description The Widgets for Google Reviews plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping when handling Google...

WordPress plugin List Attachments Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is ...

WordPress plugin Cute News Ticker 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-49340

The Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly Matters plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.0. This is due to the plugin not properly verifying that a user is authorized to perform an action...

PT-2025-49341

The Accessiy By CodeConfig Accessibility plugin for WordPress is vulnerable to unauthorized page creation due to missing authorization checks in versions up to, and including, 1.0.0. This is due to the plugin not performing capability checks in the Settings::createPage function. This makes it...

WordPress Add Custom Codes plugin <= 4.80 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Certus Cybersecurity in WordPress Plugin Add Custom Codes versions = 4.80...

WordPress Jabbernotification plugin <= 0.99-RC2 - Reflected Cross-Site Scripting via admin.php PATH_INFO vulnerability

Reflected Cross-Site Scripting via admin.php PATHINFO vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Jabbernotification versions = 0.99-RC2...

WordPress Time Sheets plugin <= 2.1.3 - Use of Known Vulnerable Component vulnerability

Use of Known Vulnerable Component vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Time Sheets versions = 2.1.3...

CVE-2025-13528

CVE-2025-13528 concerns the WordPress plugin Feedback Modal for Website (WordPress plugin). The vulnerability is an unauthenticated data export exposure via the export_data parameter caused by a missing capability check on the handle_export function in all versions up to and including 1.0.1. Mult...

CVE-2025-12417

The SurveyFunnel – Survey Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'surveyfunnellitesurvey' shortcode in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

WordPress plugin Wp Social Login and Register Social Counter 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security vulnerability...

PT-2025-49208

The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the imagopby ajax optimize gallery function. This makes it possible for unauthenticated attackers to...

WordPress plugin SurveyFunnel – Survey Plugin for WordPress 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...

WordPress plugin SurveyFunnel – Survey Plugin for WordPress 信息泄露漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in SurveyFunnel - Survey Plugin for WordPress...

WordPress plugin dream gallery 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

WordPress plugin Cool Tag Cloud 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-49232

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the ark rp options page function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via ...