WordPress EduKart Pro plugin elevation of privilege vulnerability

WordPress EduKart Pro plugin is an e-commerce plugin for the WordPress platform that is primarily used to build and manage online stores. WordPress EduKart Pro plugin has an elevation of privilege vulnerability that stems from the edukartproregisteruserfrontend function not restricting user...

WordPress Frontend File Manager Plugin Insecure Direct Object Reference Vulnerability

WordPress Frontend File Manager Plugin is a plugin that allows users to upload, manage and share files through a frontend interface that supports secure storage and permission control. WordPress Frontend File Manager Plugin suffers from an insecure direct object reference vulnerability that stems...

WordPress plugin atec Duplicate Page & Post has an unspecified vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin atec Duplicate Page & Post 1.2.20 and earli...

WordPress Reuters Direct plugin <= 3.0.0 - Cross-Site Request Forgery to Settings Reset vulnerability

Cross-Site Request Forgery to Settings Reset vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Reuters Direct versions = 3.0.0...

WordPress Featured Post Creative plugin <= 1.5.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Featured Post Creative versions = 1.5.5...

WordPress AI Feeds plugin <= 1.0.11 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin AI Feeds versions = 1.0.11...

WordPress Donation Thermometer plugin <= 2.2.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Donation Thermometer versions = 2.2.6...

WordPress Search Exclude plugin <= 2.5.7 – Missing Authorization to Authenticated (Contributor+) Search Settings Modification via REST API vulnerability

Missing Authorization to Authenticated Contributor+ Search Settings Modification via REST API vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Search Exclude versions = 2.5.7...

CVE-2025-13380

The CVE-2025-13380 entry affects the WordPress plugin AI Engine for WordPress: ChatGPT, GPT Content Generator, vulnerable in all versions up to 1.0.1. Root cause is insufficient validation of user-supplied file paths in the lqdai_update_post AJAX endpoint and use of file_get_contents() with user-...

WordPress Locker Content plugin <= 1.0.0 - Unauthenticated Information Exposure vulnerability

Unauthenticated Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Locker Content versions = 1.0.0...

WordPress Conditional Maintenance Mode for WordPress plugin <= 1.0.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Conditionnal Maintenance Mode for WordPress versions = 1.0.0...

WordPress ELEX WordPress HelpDesk&Customer Ticketing System plugin missing privilege check vulnerability

WordPress ELEX WordPress HelpDesk& Customer Ticketing System plugin is a helpdesk and customer work order system plugin designed for WordPress websites, designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk& Customer Ticketing...

WordPress plugin Chamber Dashboard Business Directory 安全漏洞

WordPress Chamber Dashboard Business Directory plugin is a plugin for creating business directories, job boards, real estate, classified ads and other types of directory websites with support for custom forms, image uploads, payment integration and more. The WordPress Chamber Dashboard Business...

WordPress Plugin LearnPress Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin LearnPress, which stems...

EUVD-2025-198620

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

WordPress plugin Guest posting / Frontend Posting / Front Editor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-13384

The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint via the 'cpcontactformppipncheck' query parameter that processes payment confirmations...

WordPress Better Search plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Better Search versions = 4.2.1...

CVE-2025-66061

Cross-Site Request Forgery CSRF vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through = 3.13.0...

CVE-2025-13317 Appointment Booking Calendar <= 1.3.96 - Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' Parameter

The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.96. This is due to the plugin exposing an unauthenticated booking processing endpoint cpabcappointmentscheckIPNverification that trusts attacker-supplied payment...