
5785 matches found

CNNVD
added 2025/12/24 12:00 a.m. | 2 views

WordPress plugin YouTube Embed security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 6.5 | AI score 5.9 | EPSS 0.0013
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/24 12:00 a.m. | 2 views

PT-2025-53287

Name of the Vulnerable Software and Affected Versions: Embeds For YouTube Plugin Support YouTube Embed versions through 5.4. Description: The YouTube Embed plugin contains a flaw related to improper input handling during web page generation, leading to a Cross-site Scripting (XSS) condition. This allo...

CVSS 5.4 | AI score 5.4 | EPSS 0.0013
Exploits: 0 | References: 3
CNNVD
added 2025/12/24 12:00 a.m. | 2 views

WordPress plugin Vimeotheque security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Vimeotheque suffers from a cross-site request forgery vulnerability for which no detailed vulnerability details are currently available...

CVSS 4.3 | AI score 5.7 | EPSS 0.00109
Exploits: 0 | References: 1
CNNVD
added 2025/12/23 12:00 a.m. | 2 views

WordPress plugin WPBulky SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress...

CVSS 7.6 | AI score 7.6 | EPSS 0.00224
Exploits: 0 | References: 2
CNNVD
added 2025/12/23 12:00 a.m. | 3 views

WordPress plugin VPSUForm security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 6.5 | AI score 6.2 | EPSS 0.00223
Exploits: 0 | References: 2
RedhatCVE
added 2025/12/22 2:35 a.m. | 2 views

CVE-2025-11496

The Five Star Restaurant Reservations – WordPress Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rtb-name' parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1 | AI score 5.2 | EPSS 0.00172
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/22 12:16 a.m. | 6 views

CVE-2023-47232

Vulnerability in mojofywp WP Affiliate Disclosure wp-affiliate-disclosure. This issue affects WP Affiliate Disclosure: from n/a through 1.2.6...

CVSS 4.3 | AI score 6.9 | EPSS 0.00198
Exploits: 0 | References: 1
CNNVD
added 2025/12/21 12:00 a.m. | 2 views

WordPress plugin WC Builder cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...

CVSS 4.4 | AI score 5.9 | EPSS 0.00199
Exploits: 0 | References: 5
CVE
added 2025/12/20 3:20 a.m. | 14 views

CVE-2025-12581

CVE-2025-12581 affects the WordPress plugin Attachments Handler (versions up to 1.1.7). The vulnerability is a Reflected Cross-Site Scripting (XSS) via URL stemming from insufficient input sanitization/output escaping. It allows unauthenticated attackers to inject arbitrary scripts into pages tha...

CVSS 6.1 | AI score 5.3 | EPSS 0.00204
Exploits: 0 | References: 3
Positive Technologies
added 2025/12/20 12:00 a.m. | 2 views

PT-2025-52542

Name of the Vulnerable Software and Affected Versions: F70 Lead Document Download plugin for WordPress versions through 1.4.4. Description: The F70 Lead Document Download plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check within the fil...

CVSS 5.3 | AI score 6.5 | EPSS 0.00236
Exploits: 0 | References: 6
CNNVD
added 2025/12/20 12:00 a.m. | 1 views

WordPress plugin Amazon affiliate lite Plugin security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 4.4 | AI score 5.8 | EPSS 0.002
Exploits: 0 | References: 4
Positive Technologies
added 2025/12/19 12:00 a.m. | 2 views

PT-2025-52438

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This makes it possible fo...

CVSS 5.4 | AI score 5.9 | EPSS 0.00251
Exploits: 0 | References: 6
Vulnrichment
added 2025/12/18 4:43 p.m. | 2 views

CVE-2025-64235 WordPress Tuturn plugin < 3.6 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in AmentoTech Tuturn allows Path Traversal. This issue affects Tuturn: from n/a before 3.6...

CVSS 6.5 | AI score 6.5 | EPSS 0.00302
Exploits: 0 | References: 1
EUVD
added 2025/12/18 9:30 a.m. | 3 views

EUVD-2025-204090

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS. This issue affects XStore Core: from n/a through 5.6...

CVSS 7.1 | AI score 5.9 | EPSS 0.0018
Exploits: 0 | References: 2
Cvelist
added 2025/12/18 7:22 a.m. | 17 views

CVE-2025-66116 WordPress Ultimate Member Widgets for Elementor plugin <= 2.3 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in UserElements Ultimate Member Widgets for Elementor ultimate-member-widgets-for-elementor allows Retrieve Embedded Sensitive Data. This issue affects Ultimate Member Widgets for Elementor: from n/a through <= 2.3...

CVSS 7.5 | EPSS 0.00238
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/18 7:22 a.m. | 17 views

CVE-2025-66078 WordPress Hotel Booking Lite plugin <= 5.2.3 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclusion. This issue affects Hotel Booking Lite: from n/a through <= 5.2.3...

CVSS 9.1 | AI score 6.8 | EPSS 0.00314
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/18 7:22 a.m. | 1 views

CVE-2025-66074 WordPress WP Webhooks plugin <= 3.3.8 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Path Traversal. This issue affects WP Webhooks: from n/a through <= 3.3.8...

CVSS 9 | AI score 6.6 | EPSS 0.00236
Exploits: 0 | References: 1
CVE
added 2025/12/18 7:22 a.m. | 14 views

CVE-2025-66054

CVE-2025-66054 describes a missing authorization vulnerability in the WordPress LearnPress plugin (LearnPress

CVSS 7.5 | AI score 6.6 | EPSS 0.0023
Exploits: 0 | References: 1
CVE
added 2025/12/18 7:22 a.m. | 8 views

CVE-2025-64266

The CVE pertains to WordPress Plugin Booking and Rental Manager for WooCommerce (versions up to 2.5.4). The issue is a Deserialization of Untrusted Data vulnerability that enables Object Injection via the plugin’s handling of data, as described across CVE records from NVD/Red Hat/ENISA and third-...

CVSS 8.8 | AI score 6.6 | EPSS 0.00355
Exploits: 0 | References: 1
CVE
added 2025/12/18 7:22 a.m. | 9 views

CVE-2025-64189

CVE-2025-64189 affects the WordPress XStore Core et-core-plugin. It is a Cross-Site Scripting (Reflected XSS) vulnerability caused by improper input neutralization during web page generation. The issue affects XStore Core versions from n/a up to and including

CVSS 7.1 | AI score 6 | EPSS 0.0018
Exploits: 0 | References: 1