WP Projects Portfolio <= 3.0 - Cross-Site Scripting

WP Projects Portfolio with Client Testimonials WordPress plugin = 3.0 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13114...

LatePoint <= 5.0.12 - Authentication Bypass

LatePoint plugin for WordPress versions up to 5.0.12 contains an authentication bypass caused by insufficient verification of user during booking, letting unauthenticated attackers log in as any existing user if they have user ID access, exploit requires access to user ID, and the 'Use WordPress...

Bulk Me Now! Plugin <= 2.0 - Cross-Site Scripting

Bulk Me Now! WordPress plugin = 2.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

WordPress Front End Users - Reflected XSS

WordPress Front End Users plugin = 3.2.32 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

Legull WordPress - Cross-Site Scripting

Legull WordPress plugin = 1.2.2 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires victim to click malicious link. id: CVE-2024-13352 info: name: Legull WordPress -...

WP MediaTagger <= 4.1.1 - Cross-Site Scripting

WP MediaTagger WordPress plugin = 4.1.1 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires user interaction or victim to visit a malicious link. id:...

FlipperCode Custom CSS, JS & PHP <= 2.0.7 - Remote Code Execution

Custom css-js-php WordPress plugin through 2.0.7 contains a command injection caused by unsanitized user input used in SQL query and passed to eval, letting unauthenticated attackers execute arbitrary PHP code on the server. id: CVE-2026-6433 info: name: FlipperCode Custom CSS, JS & PHP = 2.0.7 -...

wpForo Forum <= 2.4.14 - SQL Injection

wpForo Forum WordPress plugin = 2.4.14 contains a time-based SQL injection caused by insufficient escaping of the 'wpfob' parameter, letting unauthenticated attackers extract sensitive database information. id: CVE-2026-1581 info: name: wpForo Forum = 2.4.14 - SQL Injection author: Shivam Kamboj...

Prodigy Commerce <= 3.3.0 - Local File Inclusion

Prodigy Commerce WordPress plugin = 3.2.9 contains a local file inclusion caused by improper sanitization of 'parameterstemplatename' parameter, letting unauthenticated attackers include and execute arbitrary files remotely. id: CVE-2026-0926 info: name: Prodigy Commerce = 3.3.0 - Local File...

YARPP <= 5.30.10 - Missing Authorization

The YARPP Yet Another Related Posts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in the /includes/yarppprosetdisplaytypes.php file in all versions up to, and including, 5.30.10. This makes it possible for unauthenticated attackers to set displ...

Automation By Autonami < 3.3.0 - SQL Injection

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. id:...

SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs. id: CVE-2024-6846 info: name: SmartSearchWP = 2.4.4 - Unauthenticated Log Purge author: s4e-io severity: medium description: | Th...

Ally – Web Accessibility & Usability <= 4.0.3 - SQL Injection

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the getglobalremediations method, where it is directly concatenated...

EKC Tournament Manager WordPress plugin - Path Traversal

EKC Tournament Manager WordPress plugin 2.2.2 contains a path traversal caused by insufficient validation, letting logged in admin users download system files outside the WordPress directory. id: CVE-2024-9765 info: name: EKC Tournament Manager WordPress plugin - Path Traversal author: Sourabh-Sa...

Fantastic ElasticSearch Plugin <= 4.1.0 - Cross-Site Scripting

Fantastic ElasticSearch WordPress plugin = 4.1.0 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to visit a malicious link. id: CVE-2024-13221 info: name:...

WordPress Plugin File Manager (wp-file-manager) Backup Disclosure

mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fmbackups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken...

WordPress Simple File List - Path Traversal

Simple File List plugin allows path traversal via file upload, enabling files to be written outside the upload directory. id: CVE-2020-12832 info: name: WordPress Simple File List - Path Traversal author: riteshs4hu severity: critical description: | Simple File List plugin allows path traversal v...

WordPress Permalink Manager <2.2.15 - Cross-Site Scripting

WordPress Permalink Manager Lite and Pro plugins before 2.2.15 contain a reflected cross-site scripting vulnerability. They do not sanitize and escape query parameters before outputting them back in the debug page. id: CVE-2022-0201 info: name: WordPress Permalink Manager 2.2.15 - Cross-Site...

HTML Email Template Designer < 3.1 - Missing Authorization on Rest Route

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

LearnPress < 4.3.2 - Broken Access Control

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the plugin's orders...