WordPress Plugin Booking Ultra Pro Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Booking Ultra Pro, which...

WordPress Plugin WP FullCalendar Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WP FullCalendar, which...

WordPress Plugin CubeWP - All-in-One Dynamic Content Framework Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin CubeWP - All-in-One...

WordPress RSS Feed Widget plugin < 3.0.0 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin RSS Feed Widget versions 3.0.0...

CVE-2026-1060

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...

CVE-2026-1244

The Forms Bridge – Infinite integrations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in the 'financoopcampaign' shortcode in all versions up to, and including, 4.2.5. This is due to insufficient input sanitization and output escaping on the...

CVE-2026-1549

A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFile leads to path traversal. The attack may ...

WordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by You Ludwig in WordPress Plugin Elementor Contact Form DB versions = 2.1.3...

WordPress WP-CORS plugin <= 0.2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP-CORS versions = 0.2.2...

WordPress Enter Addons plugin <= 2.3.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Enter Addons versions = 2.3.2...

CVE-2026-1377

CVE-2026-1377 affects the WordPress plugin imwptip

CVE-2026-1400 AI Engine <= 3.3.2 - Authenticated (Editor+) Arbitrary File Upload via 'filename' Parameter in update_media_metadata Endpoint

The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resthelpersupdatemediametadata function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attacker...

WordPress Easy Replace Image plugin <= 3.5.2 - Missing Authorization to Authenticated (Contributor+) Arbitrary Attachment Replacement vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Attachment Replacement vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Easy Replace Image versions = 3.5.2...

WordPress plugin Easy Replace Image has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin Ivory Search has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress DesignThemes Core Features plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin DesignThemes Core Features versions = 2.3...

WordPress Slimstat Analytics plugin <= 5.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by mcdruid in WordPress Plugin Slimstat Analytics versions = 5.3.2...

WordPress Responsive Header Plugin plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Settings Parameters vulnerability discovered by 0x34rth in WordPress Plugin Responsive Header versions = 1.0...

PT-2026-4856

The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated...

PT-2026-4993

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'get audio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...