WordPress plugin Shortcode Button 跨站脚本漏洞

WordPress Shortcode Button plugin is a plugin or function to quickly insert buttons through a short code, mainly used to simplify the process of adding buttons to a page or post, support for custom styles and parameter settings. WordPress Shortcode Button plugin has a cross-site scripting...

WordPress plugin Flex QR Code Generator 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

WordPress H5P plugin <= 1.16.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin H5P versions = 1.16.0...

WordPress Fintelligence Calculator plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Fintelligence Calculator plugin, which stems from a lack of valid filtering and escaping of the...

WordPress Epic Bootstrap Buttons plugin cross-site scripting vulnerability

WordPress Epic Bootstrap Buttons plugin is a plugin for quickly adding Bootstrap style buttons to your WordPress website. WordPress Epic Bootstrap Buttons plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of icol parameters, whic...

WordPress Chartify plugin Access Control Error Vulnerability

WordPress Chartify is a plugin for quickly building charts and graphs in your WordPress website, supporting both static and dynamic data visualization, compatible with 22 chart types including line charts, pie charts, bar charts, geographic charts and more. The WordPress Chartify plugin suffers...

WordPress All Social Share Options plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress All Social Share Options plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of sc...

WordPress Advanced scrollbar plugin <= 1.1.8 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Denver Jackson in WordPress Plugin Advanced scrollbar versions = 1.1.8...

CVE-2025-7781

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Stored Cross-Site Scripting via the ‘csjobtitle’ parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2025-9950

The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.6 via the rrrlgvwrgetfile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of...

CVE-2025-7652

The Easy Plugin Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eps' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress plugin My auctions allegro SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL...

WordPress plugin Contest Gallery – Upload, Vote & Sell with PayPal and Stripe 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Easy Plugin Stats 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...

WordPress Ovatheme Events Manager plugin <= 1.8.5 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin Ovatheme Events Manager versions = 1.8.5...

WordPress Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin <= 27.0.3 - Unauthenticated CSV Injection vulnerability

Unauthenticated CSV Injection vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin Contest Gallery versions = 27.0.3...

WordPress Slider Revolution plugin <= 6.7.37 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Read vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary File Read vulnerability discovered by stealthcopter in WordPress Plugin Slider Revolution versions = 6.7.37...

WordPress Media LIbrary Assistant plugin <= 3.29 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Certus Cybersecurity in WordPress Plugin Media LIbrary Assistant versions = 3.29...

CVE-2025-10586

Summary: CVE-2025-10586 affects the WordPress Plugin “Community Events.” The vulnerability is a SQL injection in the event_venue parameter for versions up to and including 1.5.1, caused by insufficient escaping of user input and inadequate preparation of the SQL query. Impact: Authenticated attac...

WordPress plugin Lisfinity Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...