PT-2026-43534

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJL certification function. This makes it possible for unauthenticated attackers to update the plugin'...

WordPress 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Modification vulnerability discovered by Legion Hunter in WordPress Plugin 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On versions = 2.0.1...

WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin 资源管理错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-43491

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...

Jenkins Multijob Plugin 安全漏洞

Jenkins Multijob Plugin is an open-source plugin for Jenkins that manages multi-task builds. The Jenkins Multijob Plugin 662.vd2e0001f6bbd and earlier versions have security vulnerabilities. These vulnerabilities stem from cross-site request forgery attacks, which may allow attackers to restore...

WordPress plugin WPCS 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin Firebase Support & Chat Management 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress plugin Advanced Custom Fields: Font Awesome Field 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-44018

Name of the Vulnerable Software and Affected Versions Jenkins GitHub Integration Plugin versions prior to 0.7.4 Description A cross-site request forgery CSRF flaw allows attackers to trigger a build for a pull request. CSRF is a type of attack that tricks a victim into submitting a malicious...

WordPress plugin Query Shortcode 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress myLinksDump plugin <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin myLinksDump versions = 1.6...

WordPress WP Promoter plugin <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin WP Promoter versions = 1.3...

WordPress BitForm – Data management solution for WordPress plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BitForm – Data management solution for WordPress versions = 1.1.0...

WordPress Post Categories Gallery plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Post Categories Gallery versions = 1.0.0...

WordPress Events In City plugin <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Events In City versions = 3.0...

CVE-2026-8174

Zohocorp Zoho Mail wordpress plugin is vulnerable to Cross-Site request forgery CSRF. This issue affects Zoho Mail wordpress plugin versions before 1.6.2...

WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ChuongVN in WordPress Plugin Paid Videochat Turnkey Site versions = 7.3.23...

CVE-2026-24638 WordPress RepairBuddy plugin <= 4.1121 - Broken Access Control vulnerability

Missing Authorization vulnerability in Webful Creations RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 4.1121...

WordPress Events Schedule - WordPress Events Calendar Plugin plugin <= 2.7.2 - SQL Injection vulnerability

WordPress Events Schedule - WordPress Events Calendar Plugin plugin = 2.7.2 - SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Events Schedule - WordPress Events Calendar Plugin versions = 2.7.2...

WordPress plugin WpTravelly 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...