15840 matches found
CVE-2026-25008
The CVE-2026-25008 entry concerns WordPress Ninja Tables (ninja-tables) versions up to and including 5.2.5. The issue is described as an Insertion of Sensitive Information Into Sent Data vulnerability that enables retrieval of embedded sensitive data from Ninja Tables. All connected sources consi...
CVE-2026-23804
Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through = 0.1.1...
CVE-2026-23545
CVE-2026-23545 describes a Missing Authorization/Broken Access Control vulnerability in the Aruba HiSpeed Cache WordPress plugin. Affected product: Aruba HiSpeed Cache, up to version 3.0.4. Public sources (Patchstack, CVE list, Red Hat/CVE repositories, and Wordfence vulnerability reports) confir...
CVE-2026-22333 WordPress YITH WooCommerce Compare plugin <= 3.6.0 - Deserialization of untrusted data vulnerability
Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through = 3.6.0...
CVE-2026-27056 WordPress iThemes Sync plugin <= 3.2.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through = 3.2.8...
CVE-2025-14445
The Image Hotspot by DevVN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hotspotcontent' custom field meta in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-12975
The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woofeedplugininstalling function in all versions up to, and including, 6.6.11. This makes it possible for authenticated...
CVE-2025-11754
The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to retrieve sensitive plugin...
WordPress Clasifico Listing plugin <= 2.0 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Clasifico Listing versions = 2.0...
CVE-2026-2284
CVE-2026-2284 concerns the News Element Elementor Blog Magazine plugin for WordPress (
CVE-2026-0974
The CVE affects the WordPress plugin Orderable (Restaurant Online Ordering System) up to version 1.20.0. A missing capability check in the install_plugin function allows authenticated attackers with Subscriber-level access and above to install arbitrary plugins, which can lead to Remote Code Exec...
CVE-2025-12081
The CVE-2025-12081 entry concerns the WordPress plugin ACF Photo Gallery Field (navz-photo-gallery) with versions up to 3.0. The root cause is a missing capability check in the acf_photo_gallery_edit_save function, allowing authenticated attackers with subscriber+ privileges to modify attachment ...
WordPress plugin Easy SVG Support 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Breeze - WordPress Cache Plugin 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Virusdie 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The version...
WordPress plugin Orderable 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Better Business Reviews 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Shopwell 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin WP Compress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...