
15745 matches found

Patchstack
added 2025/12/22 1:19 p.m. | 3 views

WordPress Tablesome plugin <= 1.1.35.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin Tablesome versions <= 1.1.35.1...

CVSS 7.5 | AI score 7 | EPSS 0.0004
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/12/22 1:5 p.m. | 2 views

WordPress FV Simpler SEO plugin <= 1.9.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin FV Simpler SEO versions <= 1.9.6...

CVSS 8.1 | AI score 7 | EPSS 0.00038
Exploits: 0 | Affected Software: 1

Cvelist
added 2025/12/22 9:31 a.m. | 24 views

CVE-2025-62880 WordPress Custom 404 Pro plugin <= 3.12.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Kunal Custom 404 Pro custom-404-pro allows Cross Site Request Forgery. This issue affects Custom 404 Pro: from n/a through <= 3.12.0...

CVSS 4.3 | EPSS 0.00015
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/22 2:35 a.m. | 1 view

CVE-2025-11496

The Five Star Restaurant Reservations – WordPress Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rtb-name' parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1 | AI score 5.2 | EPSS 0.00106
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/22 12:16 a.m. | 4 views

CVE-2023-47232

Vulnerability in mojofywp WP Affiliate Disclosure wp-affiliate-disclosure. This issue affects WP Affiliate Disclosure: from n/a through 1.2.6...

CVSS 4.3 | AI score 6.9 | EPSS 0.001
Exploits: 0 | References: 1

CNVD
added 2025/12/22 12:0 a.m. | 1 view

WordPress Grider for Elementor plugin missing license vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A lack of authorization vulnerability exists in the WordPress Grider for Elementor plugin, which can be exploited by an attacker to leverage an incorrectly configured access...

CVSS 5.4 | AI score 6.6 | EPSS 0.00034
Exploits: 0 | References: 1

CNVD
added 2025/12/22 12:0 a.m. | 1 view

WordPress FileBird Pro plugin missing authorization vulnerability

WordPress FileBird Pro plugin is a media library management plugin for WordPress websites designed to help users organize and manipulate media files more efficiently. A missing authorization vulnerability exists in WordPress FileBird Pro plugin, which can be exploited by an attacker to leverage a...

CVSS 5.4 | AI score 6.8 | EPSS 0.00058
Exploits: 0 | References: 1

NVD
added 2025/12/21 8:15 a.m. | 6 views

CVE-2025-14855

The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

CVSS 7.2 | EPSS 0.0017
Exploits: 2 | References: 3

CNNVD
added 2025/12/21 12:0 a.m. | 2 views

WordPress plugin WC Builder cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...

CVSS 4.4 | AI score 5.9 | EPSS 0.00026
Exploits: 0 | References: 5

Patchstack
added 2025/12/20 11:39 a.m. | 3 views

WordPress Editorial Calendar plugin <= 3.8.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Editorial Calendar versions <= 3.8.8...

CVSS 8.1 | AI score 7 | EPSS 0.00034
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2025/12/20 6:7 a.m. | 4 views

CVE-2025-13307

The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under user-controlled conditions that Editors and Administrators can set (edit_pages capability). The conditions are then executed as part of an eval...

CVSS 7.2 | AI score 8 | EPSS 0.00404
Exploits: 0 | References: 1

CVE
added 2025/12/20 3:20 a.m. | 9 views

CVE-2025-12581

CVE-2025-12581 affects the WordPress plugin Attachments Handler (versions up to 1.1.7). The vulnerability is a Reflected Cross-Site Scripting (XSS) via URL stemming from insufficient input sanitization/output escaping. It allows unauthenticated attackers to inject arbitrary scripts into pages tha...

CVSS 6.1 | AI score 5.3 | EPSS 0.00118
Exploits: 0 | References: 3

CNNVD
added 2025/12/20 12:0 a.m. | 1 view

WordPress plugin Amazon affiliate lite Plugin security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 4.4 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/20 12:0 a.m. | 2 views

PT-2025-52542

Name of the Vulnerable Software and Affected Versions: F70 Lead Document Download plugin for WordPress versions through 1.4.4. Description: The F70 Lead Document Download plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check within the fil...

CVSS 5.3 | AI score 6.5 | EPSS 0.00065
Exploits: 0 | References: 6

CNNVD
added 2025/12/20 12:0 a.m. | 1 view

WordPress plugin Amazon affiliate lite Plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...

CVSS 5.4 | AI score 6.3 | EPSS 0.00014
Exploits: 0 | References: 3

CNNVD
added 2025/12/20 12:0 a.m. | 1 view

WordPress plugin Overstock Affiliate Links cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.1 | AI score 5.9 | EPSS 0.00138
Exploits: 0 | References: 5

Patchstack
added 2025/12/19 10:3 p.m. | 4 views

WordPress Responsive and Swipe slider plugin <= 1.0.2 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Bhumividh Treloges in WordPress Plugin RESPONSIVE AND SWIPE SLIDER! versions <= 1.0.2...

CVSS 5.5 | AI score 5.5 | EPSS 0.00029
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2025/12/19 6:48 a.m. | 1 view

EUVD-2025-204469

The HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions from 2.4.0 up to, and including, 2.5.1 via the getIcyMetadata function. This makes it possible for unauthenticated attackers to make web...

CVSS 7.2 | AI score 5.7 | EPSS 0.00122
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/19 12:0 a.m. | 1 view

PT-2025-52438

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This makes it possible fo...

CVSS 5.4 | AI score 5.9 | EPSS 0.00063
Exploits: 0 | References: 6

Cvelist
added 2025/12/18 4:46 p.m. | 24 views

CVE-2025-63002 WordPress Sermon Manager plugin <= 2.30.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpforchurch Sermon Manager sermon-manager-for-wordpress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sermon Manager: from n/a through <= 2.30.0...

CVSS 5.3 | EPSS 0.00038
Exploits: 0 | References: 1