15739 matches found
PT-2026-1961
Name of the Vulnerable Software and Affected Versions WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress versions through 1.1.8 Description The software is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping...
WordPress plugin weDocs information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. An information...
WordPress Clearfy plugin <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering vulnerability
Cross-Site Request Forgery to Update Notification Tampering vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Clearfy Cache versions <= 2.4.0...
CVE-2026-22486
Missing Authorization vulnerability in Re Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Re Gallery: from n/a through 1.18.9...
CVE-2026-22522 WordPress Block Slider plugin <= 2.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Munir Kamal Block Slider block-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Block Slider: from n/a through <= 2.2.3...
WordPress Image&Video FullScreen Background plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Image&Video FullScreen Background versions <= 1.6.7...
CVE-2025-68892
CVE-2025-68892 — Reflected XSS in the WordPress plugin Scroll rss excerpt (vulnerable through version
CVE-2025-68874 WordPress Visitor Stats Widget plugin <= 1.5.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shahjada Visitor Stats Widget visitor-stats-widget allows Reflected XSS. This issue affects Visitor Stats Widget: from n/a through <= 1.5.0...
CVE-2025-67927 WordPress Link Whisper Free plugin <= 0.8.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS. This issue affects Link Whisper Free: from n/a through <= 0.8.8...
CVE-2025-67926
CVE-2025-67926 is a public WordPress vulnerability described by Wordfence in the January 2026 weekly vulnerability report. It is a Missing Authorization issue in Fluent Support (WordPress plugin) where access control is incorrectly configured, affecting Fluent Support versions up to 1.10.4. The C...
CVE-2025-67919 WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woffice Core: from n/a through <= 5.4.30...
CVE-2025-67915
CVE-2025-67915 affects the Timetics: Appointment Booking Calendar (WP Timetics Booking Plugin) Timetics <= 1.0.46. Wordfence reports an Incorrect Authorization issue (Authenticated Timetics Customer+) that enables user creation, i.e., an authentication/authorization bypass leading to account c...
CVE-2025-67913
CVE-2025-67913 describes a Missing Authorization vulnerability in Aruba HiSpeed Cache (aruba-hispeed-cache). Access to functionality is not properly constrained by ACLs, affecting Aruba HiSpeed Cache versions older than 3.0.3. Red Hat notes the issue under the same CVE and confirms patching in Ar...
CVE-2025-27002
CVE-2025-27002: Reflected XSS in CountDown With Image or Video Background (WordPress plugin). Affected: CountDown With Image or Video Background
CVE-2025-22726
CVE-2025-22726 is a Server-Side Request Forgery (SSRF) vulnerability in the WordPress plugin nK Themes Helper (nk-themes-helper). The vulnerability affects versions from 0 up to and including 1.7.9, allowing an attacker to cause the server to make arbitrary requests. The publicly cited CVSS vecto...
CVE-2025-23504
CVE-2025-23504 affects RiceTheme Felan Framework (felan-framework) up to version 1.1.3. The vulnerability is an Authentication Bypass via an alternate path or channel, enabling Authentication Abuse. Impact details stated across sources indicate high severity with potential total implications for ...
CVE-2025-22713 WordPress WooCommerce Orders & Customers Exporter plugin <= 5.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows SQL Injection. This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4...
CVE-2025-22725
CVE-2025-22725 affects the WordPress plugin WP Virtual Assistant (VirtualAssistant). The connected Wordfence report confirms an unauthenticated stored XSS vulnerability in the plugin’s web page generation, affecting the “Virtual Assistant” feature and versions up to 3.0/3.1 as cited. The CVE des...
WordPress Felan Framework plugin <= 1.1.3 - Account Takeover vulnerability
Account Takeover vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Felan Framework versions <= 1.1.3...
WordPress WP Virtual Assistant plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Virtual Assistant versions <= 3.1...