15852 matches found

RedhatCVE
added 2025/11/07 5:33 p.m. | 2 views

CVE-2025-58638

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e-plugins Institutions Directory institutions-directory allows Reflected XSS. This issue affects Institutions Directory: from n/a through <= 1.3.3...

CVSS 7.1 | AI score 6.4 | EPSS 0.00187
Exploits: 0 | References: 1

Patchstack
added 2025/11/07 1:4 a.m. | 3 views

WordPress Ace User Management plugin <= 2.0.3 - Subscriber+ Authentication Bypass via Password Reset vulnerability

Subscriber+ Authentication Bypass via Password Reset vulnerability discovered by aschoiloa1890 in WordPress Plugin Ace User Management versions <= 2.0.3...

CVSS 6.3 | AI score 6.7 | EPSS 0.00155
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2025/11/07 12:0 a.m. | 3 views

WordPress plugin Page & Post Notes security vulnerability

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 4.3 | AI score 6.1 | EPSS 0.00204
Exploits: 0 | References: 5

CNNVD
added 2025/11/07 12:0 a.m. | 5 views

WordPress plugin WP Airbnb Review Slider cross-site scripting vulnerability

WordPress WP Airbnb Review Slider plugin is a slider plugin for displaying Airbnb reviews on your WordPress website with support for custom animations, layouts and other advanced features. The WordPress WP Airbnb Review Slider plugin suffers from a cross-site scripting vulnerability that stems fr...

CVSS 4 | AI score 5.8 | EPSS 0.00186
Exploits: 0 | References: 5

NVD
added 2025/11/06 4:16 p.m. | 2 views

CVE-2025-60191

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion. This issue affects Premmerce Wishlist for WooCommerce: from n/a throug...

CVSS 7.5 | EPSS 0.00362
Exploits: 0 | References: 1

Cvelist
added 2025/11/06 3:56 p.m. | 7 views

CVE-2025-62950 WordPress Contest Gallery plugin <= 28.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery. This issue affects Contest Gallery: from n/a through <= 28.0.0...

CVSS 4.3 | EPSS 0.00099
Exploits: 0 | References: 1

CVE
added 2025/11/06 3:55 p.m. | 10 views

CVE-2025-62047

CVE-2025-62047 concerns WordPress Case Addons (< 1.3.0) where an Unrestricted Upload of File with Dangerous Type exists in the Case Addons plugin. The CNVD/Red Hat/NVD entries confirm the issue affects Case Addons and describe a path to remote code execution via arbitrary file uploads. The Wor...

CVSS 9.9 | AI score 6.6 | EPSS 0.00365
Exploits: 0 | References: 1

Cvelist
added 2025/11/06 3:55 p.m. | 5 views

CVE-2025-62040 WordPress YOP Poll plugin <= 6.5.37 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YOP YOP Poll yop-poll. This issue affects YOP Poll: from n/a through <= 6.5.37...

CVSS 7.1 | EPSS 0.00239
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/06 3:55 p.m. | 3 views

CVE-2025-60245 WordPress WP User Manager plugin <= 2.9.12 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection. This issue affects WP User Manager: from n/a through <= 2.9.12...

CVSS 9.8 | AI score 6.6 | EPSS 0.00416
Exploits: 0 | References: 1

CVE
added 2025/11/06 3:55 p.m. | 9 views

CVE-2025-60242

CVE-2025-60242 affects WordPress Plugin Download Counter (versions

CVSS 7.5 | AI score 6.5 | EPSS 0.00387
Exploits: 0 | References: 1

CVE
added 2025/11/06 3:54 p.m. | 7 views

CVE-2025-60200

The CVE-2025-60200 entry is a concrete local file inclusion issue in the WordPress plugin LearnPress Export Import (versions ≤ 4.0.9 per multiple sources). Affected component: the plugin’s PHP include/require handling allowing an attacker-controlled filename to be included remotely, enabling PHP ...

CVSS 7.5 | AI score 5.9 | EPSS 0.00362
Exploits: 0 | References: 1

Cvelist
added 2025/11/06 3:54 p.m. | 6 views

CVE-2025-60189 WordPress PoloPag – Pix Automático para Woocommerce plugin <= 2.0.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in PoloPag PoloPag – Pix Automático para Woocommerce wc-polo-payments allows PHP Local File Inclusion. This issue affects PoloPag – Pix Automático para Woocommerce: from n/a through ...

CVSS 7.5 | EPSS 0.00362
Exploits: 0 | References: 1

CVE
added 2025/11/06 3:54 p.m. | 19 views

CVE-2025-60188

CVE-2025-60188 affects the WordPress Atarim visual-collaboration plugin (Atarim <= 4.2.x). The vulnerability is an insertion of sensitive information into sent data caused by improper handling of embedded sensitive data, enabling retrieval of embedded sensitive data remotely. Impact is informa...

CVSS 7.5 | AI score 5.9 | EPSS 0.01199
Exploits: 1 | References: 1

Cvelist
added 2025/11/06 3:54 p.m. | 6 views

CVE-2025-58996 WordPress Advanced Settings Plugin <= 3.1.1 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Helmut Wandl Advanced Settings advanced-settings allows Upload a Web Shell to a Web Server. This issue affects Advanced Settings: from n/a through <= 3.1.1...

CVSS 9.1 | EPSS 0.0037
Exploits: 0 | References: 1

CVE
added 2025/11/06 3:54 p.m. | 9 views

CVE-2025-58627

The CVE-2025-58627 issue affects WordPress Miraculous Core Plugin (miraculouscore) versions before 2.0.9. It is an Insecure Direct Object References (IDOR) vulnerability caused by a user-controllable key that enables an authorization bypass due to misconfigured access control. Affects Miraculous ...

CVSS 9.8 | AI score 6.6 | EPSS 0.00365
Exploits: 0 | References: 1

EUVD
added 2025/11/06 3:54 p.m. | 2 views

EUVD-2025-38142

Authorization Bypass Through User-Controlled Key vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Miraculous Core Plugin: from n/a through 2.0.9...

AI score 6.5 | EPSS 0.00365
Exploits: 0 | References: 2

Cvelist
added 2025/11/06 3:54 p.m. | 8 views

CVE-2025-53316 WordPress WP GDPR Cookie Consent plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel WP GDPR Cookie Consent wp-gdpr-cookie-consent allows Stored XSS. This issue affects WP GDPR Cookie Consent: from n/a through <= 1.0.0...

CVSS 7.1 | EPSS 0.00101
Exploits: 0 | References: 1

CVE
added 2025/11/06 3:53 p.m. | 5 views

CVE-2025-53246

CVE-2025-53246: WordPress Plugin Backup and Move

CVSS 6.5 | AI score 6.6 | EPSS 0.00257
Exploits: 0 | References: 1

CVE
added 2025/11/06 3:53 p.m. | 9 views

CVE-2025-52773

CVE-2025-52773 affects the WordPress plugin HieCOR Payment Gateway Plugin (hcv4-payment-gateway)

CVSS 9.3 | AI score 7.2 | EPSS 0.00294
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/06 3:53 p.m. | 1 views

CVE-2025-49909 WordPress Penci Bookmark & Follow plugin < 2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Bookmark & Follow penci-bookmark-follow allows Reflected XSS. This issue affects Penci Bookmark & Follow: from n/a through 2.4...

CVSS 7.1 | AI score 5.9 | EPSS 0.00182
Exploits: 0 | References: 1