15798 matches found
CVE-2026-42648 WordPress Spectra plugin <= 2.19.22 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through = 2.19.22...
PT-2026-35916
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea d580c1a b a and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...
CVE-2026-6551
The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to, and including, 1.1.10 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-41463 ProjeQtor < 12.4.4 ZipSlip Path Traversal via uploadPlugin.php
ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outside the intended extraction directory by crafting ZIP archives with directory traversal sequences...
PT-2026-35424
https://t.co/5LsebxfRXc CVE-2026-39491 jupiterx-core CVSS Score 6.4 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomicedge...
WordPress Plugin TheGem Theme Elements for Elementor 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
EUVD-2026-25405
The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to a missing nonce verification in the taqnixdeletemyaccount function, where the checkajaxreferer call is explicitly commented out on line 883. This makes it possib...
CVE-2026-5347 WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter
The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admininit hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...
CVE-2026-5364 Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via sanitize_file_name Bypass
The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file extension before sanitization occurs and allowing the file type parameter to be controlled by the...
WordPress plugin HubSpot All-In-One Marketing - Forms, Popups, Live Chat 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-3361
The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsladdress' post meta value in versions up to, and including, 2.2.261 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-1923
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin HT Mega Addons for Elementor 信息泄露漏洞
WordPress is a blog platform developed using the PHP language by the WordPress Foundation. This platform allows users to create personal blogs on servers based on PHP and MySQL. WordPress Plugins are application plugins developed by the WordPress Foundation. The WordPress plugin HT Mega Addons fo...
WordPress Contact Form to Any API plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by 0xManticore in WordPress Plugin Contact Form to Any API versions = 3.0.3...
EUVD-2026-24706
The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4. This is due to missing nonce validation in the gpdisplayoption function, which handles the plugin settings page. The settings form does not include a wpnoncefield, and...
CVE-2026-4074
CVE-2026-4074 affects the WordPress plugin Quran Live Multilanguage (versions up to 1.0.3). The issue is a Stored XSS via the shortcodes cheikh and lang due to insufficient sanitization and direct echo into JavaScript context inside [removed] blocks from quran_live_render()/Render_Quran_Live::ren...
CVE-2026-4142
The WordPress plugin Sentence To SEO (keywords, description and tags) <= 1.0 is affected by a Stored Cross-Site Scripting (Stored XSS) vulnerability. The issue arises from insufficient input sanitization and output escaping in the Permanent keywords field across all versions up to 1.0. User in...
CVE-2026-1379
The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...
PT-2026-34292
Name of the Vulnerable Software and Affected Versions WP Responsive Popup + Optin versions prior to 1.5 Description The WP Responsive Popup + Optin plugin for WordPress is susceptible to Cross-Site Request Forgery. The settings form on the admin page 'wpo admin page.php' fails to implement nonce...
WordPress plugin Kcaptcha 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...