15790 matches found
WordPress plugin WP Airbnb Review Slider cross-site scripting vulnerability
WordPress WP Airbnb Review Slider plugin is a slider plugin for displaying Airbnb reviews on your WordPress website with support for custom animations, layouts and other advanced features. The WordPress WP Airbnb Review Slider plugin suffers from a cross-site scripting vulnerability that stems fr...
CVE-2025-60191
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion. This issue affects Premmerce Wishlist for WooCommerce: from n/a throug...
CVE-2025-62950 WordPress Contest Gallery plugin <= 28.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery. This issue affects Contest Gallery: from n/a through <= 28.0.0...
CVE-2025-62047
CVE-2025-62047 concerns WordPress Case Addons (< 1.3.0) where an Unrestricted Upload of File with Dangerous Type exists in the Case Addons plugin. The CNVD/Red Hat/NVD entries confirm the issue affects Case Addons and describe a path to remote code execution via arbitrary file uploads. The Wor...
CVE-2025-62040 WordPress YOP Poll plugin <= 6.5.37 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YOP YOP Poll yop-poll. This issue affects YOP Poll: from n/a through <= 6.5.37...
CVE-2025-60245 WordPress WP User Manager plugin <= 2.9.12 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection. This issue affects WP User Manager: from n/a through <= 2.9.12...
CVE-2025-60242
CVE-2025-60242 affects WordPress Plugin Download Counter (versions
CVE-2025-60200
The CVE-2025-60200 entry is a concrete local file inclusion issue in the WordPress plugin LearnPress Export Import (versions ≤ 4.0.9 per multiple sources). Affected component: the plugin’s PHP include/require handling allowing an attacker-controlled filename to be included remotely, enabling PHP ...
CVE-2025-60189 WordPress PoloPag – Pix Automático para Woocommerce plugin <= 2.0.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in PoloPag PoloPag – Pix Automático para Woocommerce wc-polo-payments allows PHP Local File Inclusion. This issue affects PoloPag – Pix Automático para Woocommerce: from n/a through ...
CVE-2025-60188
CVE-2025-60188 affects the WordPress Atarim visual-collaboration plugin (Atarim <= 4.2.x). The vulnerability is an insertion of sensitive information into sent data caused by improper handling of embedded sensitive data, enabling retrieval of embedded sensitive data remotely. Impact is informa...
CVE-2025-58996 WordPress Advanced Settings Plugin <= 3.1.1 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Helmut Wandl Advanced Settings advanced-settings allows Upload a Web Shell to a Web Server. This issue affects Advanced Settings: from n/a through <= 3.1.1...
CVE-2025-58627
The CVE-2025-58627 issue affects WordPress Miraculous Core Plugin (miraculouscore) versions before 2.0.9. It is an Insecure Direct Object References (IDOR) vulnerability caused by a user-controllable key that enables an authorization bypass due to misconfigured access control. Affects Miraculous ...
EUVD-2025-38142
Authorization Bypass Through User-Controlled Key vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Miraculous Core Plugin: from n/a through 2.0.9...
CVE-2025-53316 WordPress WP GDPR Cookie Consent plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in Shahjahan Jewel WP GDPR Cookie Consent wp-gdpr-cookie-consent allows Stored XSS. This issue affects WP GDPR Cookie Consent: from n/a through <= 1.0.0...
CVE-2025-53246
CVE-2025-53246: WordPress Plugin Backup and Move
CVE-2025-52773
CVE-2025-52773 affects the WordPress plugin HieCOR Payment Gateway Plugin (hcv4-payment-gateway)
CVE-2025-49909 WordPress Penci Bookmark & Follow plugin < 2.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Bookmark & Follow penci-bookmark-follow allows Reflected XSS. This issue affects Penci Bookmark & Follow: from n/a through 2.4...
CVE-2025-49390 WordPress Cookie Notice & Consent plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in christophrado Cookie Notice & Consent cookie-notice-consent allows Stored XSS. This issue affects Cookie Notice & Consent: from n/a through <= 1.6.4...
CVE-2025-49372 WordPress HAPPY plugin <= 1.0.7 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion. This issue affects HAPPY: from n/a through <= 1.0.7...
CVE-2025-48083
CVE-2025-48083 affects the WordPress plugin wpNamedUsers (versions <= 0.5). The issue is a Cross-Site Request Forgery (CSRF) vulnerability that leads to Stored XSS. Base metrics show CVSS 3.1, with a high impact: confidentiality, integrity, and availability all rated High/H. The vulnerability ...