15726 matches found
CVE-2026-25326 WordPress CMSMasters Content Composer plugin <= 1.4.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Content Composer: from n/a through = 1.4.5...
CVE-2026-25326 WordPress CMSMasters Content Composer plugin <= 1.4.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Content Composer: from n/a through = 1.4.5...
CVE-2026-25322 WordPress PublishPress Revisions plugin <= 3.7.22 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in PublishPress PublishPress Revisions revisionary allows Cross Site Request Forgery.This issue affects PublishPress Revisions: from n/a through = 3.7.22...
CVE-2026-25314
CVE-2026-25314 impacts the WordPress plugin “TOP Table Of Contents” (TOP Table Of Contents: WordPress plugin). The Red Hat and CVE feeds, NVD and CVE List entries indicate a missing authorization vulnerability described as broken access control in TOP Table Of Contents versions up to and includin...
CVE-2026-25307 WordPress XStore Core plugin < 5.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through 5.7...
CVE-2026-25307 WordPress XStore Core plugin < 5.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through 5.7...
CVE-2026-25008
The CVE-2026-25008 entry concerns WordPress Ninja Tables (ninja-tables) versions up to and including 5.2.5. The issue is described as an Insertion of Sensitive Information Into Sent Data vulnerability that enables retrieval of embedded sensitive data from Ninja Tables. All connected sources consi...
CVE-2026-23804
Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through = 0.1.1...
CVE-2026-23545
CVE-2026-23545 describes a Missing Authorization/Broken Access Control vulnerability in the Aruba HiSpeed Cache WordPress plugin. Affected product: Aruba HiSpeed Cache, up to version 3.0.4. Public sources (Patchstack, CVE list, Red Hat/CVE repositories, and Wordfence vulnerability reports) confir...
CVE-2026-22333 WordPress YITH WooCommerce Compare plugin <= 3.6.0 - Deserialization of untrusted data vulnerability
Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through = 3.6.0...
CVE-2026-27056 WordPress iThemes Sync plugin <= 3.2.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through = 3.2.8...
CVE-2025-14445
The Image Hotspot by DevVN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hotspotcontent' custom field meta in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-12975
The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woofeedplugininstalling function in all versions up to, and including, 6.6.11. This makes it possible for authenticated...
CVE-2025-11754
The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to retrieve sensitive plugin...
WordPress Clasifico Listing plugin <= 2.0 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Clasifico Listing versions = 2.0...
CVE-2026-2284
CVE-2026-2284 concerns the News Element Elementor Blog Magazine plugin for WordPress (
CVE-2026-0974
The CVE affects the WordPress plugin Orderable (Restaurant Online Ordering System) up to version 1.20.0. A missing capability check in the install_plugin function allows authenticated attackers with Subscriber-level access and above to install arbitrary plugins, which can lead to Remote Code Exec...
CVE-2025-12081
The CVE-2025-12081 entry concerns the WordPress plugin ACF Photo Gallery Field (navz-photo-gallery) with versions up to 3.0. The root cause is a missing capability check in the acf_photo_gallery_edit_save function, allowing authenticated attackers with subscriber+ privileges to modify attachment ...
WordPress plugin URL Shortify 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-20577
Name of the Vulnerable Software and Affected Versions ACF Photo Gallery Field versions prior to 3.1 Description The ACF Photo Gallery Field plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check within the acf photo gallery edit sa...