CVE-2025-67962

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection.This issue affects Broken Link Checker: from n/a through = 1.2.6...

WordPress plugin HTML Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

EUVD-2025-203536

Cross-Site Request Forgery CSRF vulnerability in Meks Meks Quick Plugin Disabler meks-quick-plugin-disabler allows Cross Site Request Forgery.This issue affects Meks Quick Plugin Disabler: from n/a through = 1.0...

CVE-2025-68070 WordPress VK Google Job Posting Manager plugin <= 1.2.22 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vektor,Inc. VK Google Job Posting Manager vk-google-job-posting-manager allows Stored XSS.This issue affects VK Google Job Posting Manager: from n/a through = 1.2.22...

CVE-2025-68055 WordPress Hydra Booking plugin <= 1.1.32 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through = 1.1.32...

CVE-2025-67985

CVE-2025-67985 affects Document Library Lite (WordPress plugin) with an Unauthenticated Insecure Direct Object Reference due to insecure access controls. Impact recorded as medium (CVSS ~5.3) in the source; affected versions are Document Library Lite

CVE-2025-67962 WordPress Broken Link Checker plugin <= 1.2.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection.This issue affects Broken Link Checker: from n/a through = 1.2.6...

CVE-2025-67950 WordPress All In One SEO Pack plugin <= 4.9.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects All In One SEO Pack: from n/a through = 4.9.1...

CVE-2025-66147 WordPress Coder for Elementor plugin <= 1.0.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Coder for Elementor coder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coder for Elementor: from n/a through = 1.0.13...

CVE-2025-66134

CVE-2025-66134 concerns the WordPress plugin NinjaTeam FileBird Pro (FileBird Pro) with versions up to and including 6.4.9. The connected sources describe a missing/incorrectly configured authorization mechanism (broken access control) that permits exploitation through misconfigured access contro...

CVE-2025-66132

CVE-2025-66132 affects FAPI Member (WordPress plugin) according to Wordfence vulnerability details. The issue is described as an Unauthenticated Insecure Direct Object Reference (IDOR) affecting FAPI Member, with affected software listed as FAPI Member and versions up to at least 2.2.29. The entr...

CVE-2025-66128 WordPress Sendinblue for WooCommerce plugin <= 4.0.49 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendinblue for WooCommerce: from n/a through = 4.0.49...

CVE-2025-66127

CVE-2025-66127 concerns a Missing Authorization (broken access control) vulnerability in the WordPress plugin Essential Real Estate (g5theme Essential Real Estate) affecting versions up to 5.2.2. Affected software is the Essential Real Estate WordPress plugin; root cause is incorrectly configured...

CVE-2025-64239

CVE-2025-64239 is a CSRF vulnerability in the WordPress RTL Tester plugin (rtl-tester) affecting RTL Tester versions up to and including 1.2. The CVSS base score is 4.3 (Medium) with a Network attack vector and required user interaction. Connected sources confirm the RTL Tester entry and CSRF con...

CVE-2025-54004

CVE-2025-14998 (Branda – White Label & Branding, Free Login Page Customizer) is a confirmed WordPress vulnerability with unauthenticated privilege escalation via account takeover. Wordfence coverage notes a critical flaw (CVSS 9.8) affecting Branda versions

WordPress plugin Semrush Content Toolkit 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

WordPress plugin SiteGround Security 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin Modalier for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...

PT-2025-51428

Name of the Vulnerable Software and Affected Versions merkulove Lottier for WPBakery versions through 1.1.7 Description The software contains a missing authorization issue related to incorrectly configured access control security levels. This allows for exploitation of the access control...

WordPress plugin Stars Testimonials 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exis...