
15852 matches found

NVD
added 2025/11/18 9:15 a.m., 21 views

CVE-2025-12937

The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'acfflmupdatetemplatewithpastedlayout' function in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers to...

6.5 CVSS | 0.00178 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/11/18 8:27 a.m., 3 views

EUVD-2025-197948

The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the formatclassic function. This is due to insufficient file type validation where the validateclassic method validates file extensions and sets error messages but does n...

8.1 CVSS | 7 AI score | 0.00574 EPSS
Exploits: 0 | References: 5
Cvelist
added 2025/11/18 7:30 a.m., 7 views

CVE-2025-11267 VK All in One Expansion Unit <= 9.112.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'veucustomcss' parameter in all versions up to, and including, 9.112.1. This is due to insufficient input sanitization and output escaping on the user-supplied Custom CSS value. This makes i...

6.4 CVSS | 0.00201 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2025/11/18 12:0 a.m., 5 views

PT-2025-47248

Name of the Vulnerable Software and Affected Versions: VK All in One Expansion Unit plugin for WordPress versions prior to 9.112.1. Description: The software is susceptible to Stored Cross-Site Scripting through the veu custom css parameter. Insufficient input sanitization and output escaping on the...

6.4 CVSS | 5.4 AI score | 0.00201 EPSS
Exploits: 0 | References: 6
CNNVD
added 2025/11/18 12:0 a.m., 3 views

WordPress plugin WP Duplicate Page security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

4.3 CVSS | 6.5 AI score | 0.00207 EPSS
Exploits: 0 | References: 5
CNNVD
added 2025/11/18 12:0 a.m., 3 views

WordPress plugin CSV to SortTable cross-site scripting vulnerability

WordPress CSV to SortTable plugin is a WordPress plugin for converting CSV files to interactive sorting tables. The WordPress CSV to SortTable plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data,...

6.4 CVSS | 5.8 AI score | 0.00162 EPSS
Exploits: 0 | References: 2
CNNVD
added 2025/11/18 12:0 a.m., 2 views

WordPress plugin Like-it cross-site request forgery vulnerability

WordPress Like-it plugin is an extension to add like-it functionality to WordPress blogs, allowing users to perform like-it operations on posts or comments. The WordPress Like-it plugin suffers from a cross-site request forgery vulnerability, which arises from a web application that does not...

6.1 CVSS | 6.5 AI score | 0.00124 EPSS
Exploits: 0 | References: 4
CNNVD
added 2025/11/18 12:0 a.m., 3 views

WordPress plugin Pie Forms for WP code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

8.1 CVSS | 6.9 AI score | 0.00574 EPSS
Exploits: 0 | References: 4
CNNVD
added 2025/11/18 12:0 a.m., 4 views

WordPress plugin everviz cross-site scripting vulnerability

WordPress everviz plugin is an interactive chart, map and table generator for the WordPress platform that allows you to quickly create visual content without programming skills. WordPress everviz plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

6.4 CVSS | 5.8 AI score | 0.00162 EPSS
Exploits: 0 | References: 2
Patchstack
added 2025/11/17 11:31 p.m., 3 views

WordPress Broken Link Checker by AIOSEO plugin <= 1.2.5 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Trashing vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Post Trashing vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Broken Link Checker versions <= 1.2.5...

5.4 CVSS | 7 AI score | 0.00194 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/17 11:11 p.m., 6 views

WordPress Download Panel plugin <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Modification vulnerability discovered by Ivan Cese in WordPress Plugin Download Panel Biggiko Team versions <= 1.3.3...

4.3 CVSS | 7 AI score | 0.00197 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/17 11:2 p.m., 5 views

WordPress ArtiBot Free Chat Bot for WebSites plugin <= 1.1.7 - Reflected Cross-Site Scripting via PostMessage vulnerability

Reflected Cross-Site Scripting via PostMessage vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin ArtiBot versions <= 1.1.7...

6.1 CVSS | 6.3 AI score | 0.00175 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/17 10:51 p.m., 4 views

WordPress CSV to SortTable plugin <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin CSV to SortTable versions <= 4.2...

6.4 CVSS | 5.8 AI score | 0.00162 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2025/11/17 10:27 p.m., 13 views

CVE-2025-7711

CVE-2025-7711 affects The Classified Listing – Classified ads & Business Directory Plugin for WordPress. The vulnerability arises from improper validation before do_shortcode, enabling authenticated users with Subscriber+ privileges to execute arbitrary shortcodes via listing descriptions. Affect...

5.4 CVSS | 6.1 AI score | 0.00191 EPSS
Exploits: 0 | References: 2
Patchstack
added 2025/11/15 11:49 a.m., 3 views

WordPress Contact Form Email plugin <= 1.3.58 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Contact Form Email versions <= 1.3.58...

6.5 CVSS | 7 AI score | 0.00202 EPSS
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2025/11/15 8:40 a.m., 6 views

CVE-2025-55073

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL...

5.4 CVSS | 6.9 AI score | 0.0016 EPSS
Exploits: 0 | References: 1
Patchstack
added 2025/11/15 5:40 a.m., 7 views

WordPress Appointment Booking Calendar plugin <= 1.3.95 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Appointment Booking Calendar versions <= 1.3.95...

6.5 CVSS | 6.8 AI score | 0.00171 EPSS
Exploits: 0 | Affected Software: 1
EUVD
added 2025/11/14 8:3 a.m., 5 views

EUVD-2025-186555

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL...

5.4 CVSS | 6.4 AI score | 0.0016 EPSS
Exploits: 0 | References: 2
CNVD
added 2025/11/14 12:0 a.m., 2 views

WordPress Plugin Auto Amazon Links - Amazon Associates Affiliate Arbitrary File Read Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An arbitrary file read vulnerability exists in the WordPress plugin Auto Amazon Links - Amazon...

7.5 CVSS | 6.7 AI score | 0.00399 EPSS
Exploits: 0 | References: 1
CNVD
added 2025/11/14 12:0 a.m., 2 views

WordPress Plugin Chart Expert Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Chart Expert, which stems...

6.4 CVSS | 6 AI score | 0.00189 EPSS
Exploits: 0 | References: 1