WordPress plugin Cobble 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-20992

The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's vc quizmaker shortcode in all versions up to, and including, 6.7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

PT-2026-21125

Name of the Vulnerable Software and Affected Versions GhostPool Aardvark Plugin aardvark-plugin versions through 2.19 Description An authorization issue exists in the GhostPool Aardvark Plugin. The issue involves incorrectly configured access control security levels, potentially allowing...

WordPress plugin Extreme Store 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress plugin SOHO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-27440 WordPress myCred plugin <= 2.9.7.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through = 2.9.7.6...

WordPress Orderable plugin <= 1.20.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Installation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Installation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Orderable versions = 1.20.0...

WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name vulnerability

WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin = 7.37 - Authenticated Subscriber+ SQL Injection via File Name vulnerability discovered by WordFence in WordPress Plugin WP Ultimate CSV Importer versions = 7.37...

CVE-2026-27074 WordPress Shortcoder plugin <= 6.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in vaakash Shortcoder shortcoder allows Stored XSS.This issue affects Shortcoder: from n/a through = 6.5.1...

CVE-2026-27090

CVE-2026-27090 describes a Cross-Site Request Forgery (CSRF) in the WordPress plugin Kenta Companion (kenta-companion) , affecting versions up to 1.3.3 . The available documents identify the vulnerability and affected component but do not provide explicit exploit details, attack vectors, or remed...

CVE-2026-27066 WordPress Live sales notification for WooCommerce plugin <= 2.3.61 - Broken Access Control vulnerability

Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through = 2.3.61...

CVE-2026-27057

CVE-2026-27057 concerns the WordPress plugin Penci Filter Everything by PenciDesign (versions

CVE-2026-27059 WordPress Penci Recipe plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Recipe penci-recipe allows DOM-Based XSS.This issue affects Penci Recipe: from n/a through = 4.1...

CVE-2026-27057

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows Stored XSS.This issue affects Penci Filter Everything: from n/a through = 1.7...

CVE-2026-25473 WordPress WZone plugin <= 14.0.31 - Broken Access Control vulnerability

Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through = 14.0.31...

CVE-2026-27050 WordPress RealPress plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through = 1.1.0...

CVE-2026-25472 WordPress Fusion Builder plugin <= 3.14.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeFusion Fusion Builder fusion-builder allows Stored XSS.This issue affects Fusion Builder: from n/a through = 3.14.1...

CVE-2026-25411 WordPress Revision Manager TMC plugin <= 2.8.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in themastercut Revision Manager TMC revision-manager-tmc allows Cross Site Request Forgery.This issue affects Revision Manager TMC: from n/a through = 2.8.22...

CVE-2026-25385

Summary (CVE-2026-25385): A Server-Side Request Forgery (SSRF) vulnerability exists in the WordPress plugin URL Shortify (KaizenCoders) for versions from the initial release up to and including 1.12.3. Public sources in the Connected documents corroborate the SSRF issue and indicate the vulnerabi...

CVE-2026-25362

CVE-2026-25362 describes a stored XSS in the FooGallery plugin for WordPress (FooGallery