WordPress Content Writer plugin <= 3.6.8 - Unauthenticated Information Exposure via Log File vulnerability

Unauthenticated Information Exposure via Log File vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin Content Writer versions = 3.6.8...

WordPress Demo Import Kit plugin <= 1.1.0 - Authenticated (Admin+) Arbitrary File Upload vulnerability

Authenticated Admin+ Arbitrary File Upload vulnerability discovered by vodanh in WordPress Plugin Demo Import Kit versions = 1.1.0...

WordPress Quick Social Login plugin <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Quick Social Login versions = 1.4.6...

WordPress Ova Advent plugin <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Marco Wotschka in WordPress Plugin Ova Advent versions = 1.1.7...

WordPress plugin Flex QR Code Generator 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

WordPress plugin Shortcode Button 跨站脚本漏洞

WordPress Shortcode Button plugin is a plugin or function to quickly insert buttons through a short code, mainly used to simplify the process of adding buttons to a page or post, support for custom styles and parameter settings. WordPress Shortcode Button plugin has a cross-site scripting...

WordPress H5P plugin <= 1.16.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin H5P versions = 1.16.0...

WordPress All Social Share Options plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress All Social Share Options plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of sc...

WordPress Chartify plugin Access Control Error Vulnerability

WordPress Chartify is a plugin for quickly building charts and graphs in your WordPress website, supporting both static and dynamic data visualization, compatible with 22 chart types including line charts, pie charts, bar charts, geographic charts and more. The WordPress Chartify plugin suffers...

WordPress Epic Bootstrap Buttons plugin cross-site scripting vulnerability

WordPress Epic Bootstrap Buttons plugin is a plugin for quickly adding Bootstrap style buttons to your WordPress website. WordPress Epic Bootstrap Buttons plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of icol parameters, whic...

WordPress Fintelligence Calculator plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Fintelligence Calculator plugin, which stems from a lack of valid filtering and escaping of the...

WordPress Advanced scrollbar plugin <= 1.1.8 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Denver Jackson in WordPress Plugin Advanced scrollbar versions = 1.1.8...

CVE-2025-7781

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Stored Cross-Site Scripting via the ‘csjobtitle’ parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2025-9950

The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.6 via the rrrlgvwrgetfile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of...

CVE-2025-7652

The Easy Plugin Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eps' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress plugin Easy Plugin Stats 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...

WordPress plugin Contest Gallery – Upload, Vote & Sell with PayPal and Stripe 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin My auctions allegro SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL...

WordPress Ovatheme Events Manager plugin <= 1.8.5 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin Ovatheme Events Manager versions = 1.8.5...

WordPress Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin <= 27.0.3 - Unauthenticated CSV Injection vulnerability

Unauthenticated CSV Injection vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin Contest Gallery versions = 27.0.3...