WordPress FormGent plugin < 1.0.4 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin FormGent versions 1.0.4...

WordPress Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.5.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Cookie Notice & Compliance for GDPR / CCPA versions = 2.5.8...

CVE-2025-11536

CVE-2025-11536 : Element Pack Addons for Elementor (WordPress)

WordPress Sendle Shipping plugin <= 6.02 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Sendle Shipping versions = 6.02...

CVE-2025-10006

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'revslidervc' shortcode in all versions up to, and including, 8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-11270

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute in all versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping. This makes it possib...

WordPress PowerBI Embed Reports plugin <= 1.2.0 - Unauthenticated Sensitive Information Disclosure vulnerability

Unauthenticated Sensitive Information Disclosure vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin PowerBI Embed Reports versions = 1.2.0...

WordPress plugin WPC Smart Quick View for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress plugin RegistrationMagic 代码问题漏洞

WordPress, etc. are products of the WordPress Foundation.WordPress is a suite of blogging platforms developed using the PHP language.PHP, etc. are products of PHP.PHP is a scripting language that executes on the server side.WebSockets ws, etc. are products of the WebSockets open source.ws is a...

WordPress plugin Flickr Gallery 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

CVE-2025-48087

CVE-2025-48087 is a stored XSS in the WordPress plugin Memberlite Shortcodes (versions

CVE-2025-48087 WordPress Memberlite Shortcodes plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jason C. Memberlite Shortcodes memberlite-shortcodes allows Stored XSS.This issue affects Memberlite Shortcodes: from n/a through 1.4.1...

EUVD-2025-34875

The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 3.0. This is due to the bmpuserpayoutdetailofcurrentuser function selecting payout records solely by id without verifying ownership. This makes it possible for authenticate...

WordPress WP Travel Gutenberg Blocks plugin <= 3.9.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Travel Gutenberg Blocks versions = 3.9.2...

WordPress UDesign Core plugin <= 4.14.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin UDesign Core versions = 4.14.1...

WordPress UDesign Core plugin <= 4.14.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin UDesign Core versions = 4.14.0...

WordPress Content Writer plugin <= 3.6.8 - Unauthenticated Information Exposure via Log File vulnerability

Unauthenticated Information Exposure via Log File vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin Content Writer versions = 3.6.8...

WordPress Demo Import Kit plugin <= 1.1.0 - Authenticated (Admin+) Arbitrary File Upload vulnerability

Authenticated Admin+ Arbitrary File Upload vulnerability discovered by vodanh in WordPress Plugin Demo Import Kit versions = 1.1.0...

WordPress Quick Social Login plugin <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Quick Social Login versions = 1.4.6...

WordPress Ova Advent plugin <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Marco Wotschka in WordPress Plugin Ova Advent versions = 1.1.7...