WordPress Add Custom Codes plugin <= 4.80 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Certus Cybersecurity in WordPress Plugin Add Custom Codes versions = 4.80...

WordPress Jabbernotification plugin <= 0.99-RC2 - Reflected Cross-Site Scripting via admin.php PATH_INFO vulnerability

Reflected Cross-Site Scripting via admin.php PATHINFO vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Jabbernotification versions = 0.99-RC2...

WordPress Time Sheets plugin <= 2.1.3 - Use of Known Vulnerable Component vulnerability

Use of Known Vulnerable Component vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Time Sheets versions = 2.1.3...

CVE-2025-13528

CVE-2025-13528 concerns the WordPress plugin Feedback Modal for Website (WordPress plugin). The vulnerability is an unauthenticated data export exposure via the export_data parameter caused by a missing capability check on the handle_export function in all versions up to and including 1.0.1. Mult...

CVE-2025-12417

The SurveyFunnel – Survey Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'surveyfunnellitesurvey' shortcode in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

WordPress plugin Wp Social Login and Register Social Counter 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security vulnerability...

WordPress plugin dream gallery 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

WordPress plugin SurveyFunnel – Survey Plugin for WordPress 信息泄露漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in SurveyFunnel - Survey Plugin for WordPress...

PT-2025-49232

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the ark rp options page function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via ...

PT-2025-49208

The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the imagopby ajax optimize gallery function. This makes it possible for unauthenticated attackers to...

WordPress plugin Cool Tag Cloud 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin SurveyFunnel – Survey Plugin for WordPress 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...

WordPress Image Cleanup plugin <= 1.9.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin Image Cleanup versions = 1.9.2...

WordPress Modula plugin 2.13.1-2.13.2 - Authenticated (Author+) Arbitrary File Deletion vulnerability

Authenticated Author+ Arbitrary File Deletion vulnerability discovered by ISMAILSHADOW in WordPress Plugin Modula Image Gallery versions 2.13.1-2.13.2...

WordPress SureMail – SMTP and Email Logs plugin with Amazon SES, Postmark, and Other Providers plugin <= 1.9.0 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by type5afe in WordPress Plugin SureMail versions = 1.9.0...

WordPress plugin Everest Backup 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-48795

Advanced Custom Fields: Extended and Affected Versions Advanced Custom Fields: Extended versions 0.9.0.5 through 0.9.1.1 Description The Advanced Custom Fields: Extended plugin for WordPress has a flaw that allows for Remote Code Execution RCE. This is due to the prepare form function accepting...

CVE-2025-13685 Photo Gallery by Ays <= 6.4.8 - Cross-Site Request Forgery to Bulk Actions

The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.8. This is due to missing nonce verification on the bulk action functionality in the 'processbulkaction' function. This makes it possible for unauthenticated attacke...

WordPress plugin SurveyJS 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

WordPress Beaver Builder – WordPress Page Builder plugin <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Global Preset Modification vulnerability

Missing Authorization to Authenticated Contributor+ Global Preset Modification vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Beaver Builder versions = 2.9.4...