WordPress plugin ShareThis Dashboard for Google Analytics 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information...

WordPress plugin WP Js List Pages Shortcodes 跨站脚本漏洞

...

PT-2026-1628

Name of the Vulnerable Software and Affected Versions Stumble! for WordPress plugin versions up to and including 1.1.1 Description The Stumble! for WordPress plugin is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping of the $...

WordPress plugin WP Enable WebP 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

WordPress plugin Oneline Lite 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress Snillrik Restaurant plugin <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'menu_style' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'menustyle' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Snillrik Restaurant versions = 2.2.1...

WordPress Responsive Pricing Table plugin <= 5.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'table_currency' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'tablecurrency' vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Responsive Pricing Table versions = 5.1.12...

WordPress Easy GitHub Gist Shortcodes plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Easy GitHub Gist Shortcodes versions = 1.0...

WordPress Smart App Banners plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'size' and 'verticalalign' Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'size' and 'verticalalign' Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Smart App Banners versions = 1.2...

WordPress ACF to REST API plugin <= 3.3.4 - Insecure Direct Object Reference to Authenticated (Contributor+) ACF Field/Option Modification vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ ACF Field/Option Modification vulnerability discovered by Kai Aizen in WordPress Plugin ACF to REST API versions = 3.3.4...

WordPress NS IE Compatibility Fixer plugin <= 2.1.5 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin NS Ie Compatibility Fixer versions = 2.1.5...

CVE-2025-69359

The CVE-2025-69359 entry concerns a Missing Authorization vulnerability in Creator LMS (Creator LMS – The LMS for Creators, Coaches, and Trainers). The connected Wordfence report confirms this issue exists in Creator LMS versions from inception up to and including 1.1.12 and describes it as an ac...

CVE-2025-69351 WordPress Ninja Tables plugin <= 5.2.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Blind SQL Injection.This issue affects Ninja Tables: from n/a through = 5.2.4...

CVE-2025-69335 WordPress Team Showcase plugin <= 2.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themepoints Team Showcase team-showcase allows Stored XSS.This issue affects Team Showcase: from n/a through = 2.9...

CVE-2025-69334

CVE-2025-69334 affects Wishlist for WooCommerce: Multi Wishlists Per Customer. The WordPress plugin suffers a Stored XSS due to improper neutralization during web page generation, potentially affecting Wishlist for WooCommerce versions 1 through

CVE-2025-9637

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability and status checks on multiple functions in all versions up to, and including, 10.3.1. This makes it possible for unauthenticat...

WordPress Better Business Reviews plugin <= 0.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Better Business Reviews versions = 0.1.1...

CVE-2025-15001

The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticate...

WordPress plugin UiChemy 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress plugin Depicter 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...