Atarim < 4.2.2 - Sensitive Information Exposure
Vito Peleg Atarim = 4.2 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve embedded sensitive data remotely. Exploitation requires no special privileges. id: CVE-2025-60188 info: name: Atarim...
WordPress SportsPress plugin <= 2.7.26 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability
Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin SportsPress – Sports Club & League Manager versions <= 2.7.26...
WordPress Xendit Payment plugin <= 6.0.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid vulnerability
Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Xendit Payment versions <= 6.0.2...
CVE-2026-1755 Menu Icons by ThemeIsle <= 0.13.20 - Authenticated (Author+) Stored Cross-Site Scripting
The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_wp_attachment_image_alt’ post meta in all versions up to, and including, 0.13.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-1755
The CVE concerns the WordPress plugin Menu Icons by ThemeIsle (versions up to and including 0.13.20). It describes a Stored Cross-Site Scripting vulnerability via the _wp_attachment_image_alt post meta caused by insufficient input sanitization and output escaping. Exploitation requires authentica...
CVE-2026-24998 WordPress Hustle plugin <= 7.8.9.2 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data. This issue affects Hustle: from n/a through <= 7.8.9.2...
CVE-2026-24991 WordPress Extensions For CF7 plugin <= 3.4.0 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Extensions For CF7: from n/a through <= 3.4.0...
CVE-2026-24952
Summary: CVE-2026-24952 affects the WordPress plugin Seriously Simple Podcasting (≤ 3.14.1). The issue is stored Cross-Site Scripting caused by improper input handling during web page generation. Impact: CVSSv3.1 base score 6.5 (Medium); confidentiality, integrity, and availability are LOW. Root ...
CVE-2026-24954 WordPress WpEvently plugin <= 5.0.8 - Deserialization of untrusted data vulnerability
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection. This issue affects WpEvently: from n/a through <= 5.0.8...
CVE-2026-24942 WordPress WpEvently plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through <= 5.1.1...
WordPress Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget vulnerability
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions <= 5.10.1...
WordPress Authorsy plugin <= 1.0.6 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by NumeX in WordPress Plugin Authorsy versions <= 1.0.6...
WordPress GS Books Showcase plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin GS Books Showcase versions <= 1.3.1...
WordPress Password for WP plugin <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Password for WP versions <= 1.5...
WordPress Tabs Maker plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Pham Van Tam - The Vietnamese Security Network - VSEC in WordPress Plugin Tabs Maker versions <= 1.0...
WordPress Payment Button for PayPal plugin <= 1.2.3.41 - Missing Authorization to Unauthenticated Arbitrary Order Creation vulnerability
Missing Authorization to Unauthenticated Arbitrary Order Creation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Payment Button for PayPal versions <= 1.2.3.41...
WordPress Ganohrs Toggle Shortcode plugin <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ganohrs Toggle Shortcode versions <= 0.2.4...
WordPress EventPrime plugin <= 3.4.2 - Unauthenticated Booking Payment Bypass vulnerability
Unauthenticated Booking Payment Bypass vulnerability discovered by Lucio Sá in WordPress Plugin EventPrime versions <= 3.4.2...
PT-2026-5966
Name of the Vulnerable Software and Affected Versions: ExpressTech Systems Quiz And Survey Master versions through 10.3.1. Description: A flaw exists in ExpressTech Systems Quiz And Survey Master that allows for SQL Injection. The issue impacts approximately 40,000 WordPress sites globally. A...
WordPress Orbit Fox by ThemeIsle plugin <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute vulnerability discovered by wesley wcraft in WordPress Plugin Orbit Fox by ThemeIsle versions <= 2.10.30...