WordPress Plugin User Registration 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin Complianz – GDPR/CCPA Cookie Consent 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

EUVD-2026-26086

OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings...

WordPress Profile Builder Pro plugin <= 3.15.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Profile Builder Pro versions = 3.15.0...

WordPress plugin LatePoint 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Daniel Wade in WordPress Plugin WP Time Slots Booking Form versions = 1.2.46...

WordPress Simple Random Posts Shortcode plugin <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Simple Random Posts Shortcode versions = 0.3...

WordPress Emailchef plugin <= 3.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Settings Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Settings Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Emailchef versions = 3.5.1...

CVE-2026-4119

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers adminpost action hooks for creating tables adminpostaddtable and deleting tables adminpostdeletedbtable without implementing any capability checks via...

CVE-2026-2717 HTTP Headers <= 1.19.2 - Authenticated (Administrator+) CRLF Injection via Custom Header Values

The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization of custom header name and value fields before writing them to the Apache .htaccess file via insertwithmarkers. This makes it possible for...

CVE-2026-4118 Call To Action Plugin <= 3.1.3 - Cross-Site Request Forgery via Settings Update

The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing nonce validation in the cboxoptionspage function which handles saving, creating, and deleting plugin settings. The form rendered on the...

WordPress plugin Short Comment Filter 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin HTTP Headers 注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

GHSA-R65V-XGWC-G56J OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)

Summary ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. An attacker who controls or compromises the OCI registry referenced in the victim's...

WordPress collectchat plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ritsuy in WordPress Plugin collectchat versions = 2.4.9...

PT-2026-33913

The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

WordPress wpDataTables plugin <= 6.5.0.4 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Lio in WordPress Plugin wpDataTables versions = 6.5.0.4...

WordPress CMS für Motorrad Werkstätten plugin <= 1.0.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Régis SENET - ORHUS in WordPress Plugin CMS für Motorrad Werkstätten versions = 1.0.0...

SUSE CVE-2026-40919

A flaw was found in GIMP. This vulnerability, a buffer overflow in the file-seattle-filmworks plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service DoS, leading to the plugin crashing and potential...

WordPress plugin Vantage 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...