Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion

A directory traversal vulnerability in the JE Form Creator comjeformcr component for Joomla!, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the...

Duplicate Page WordPress - Stored Cross-Site Scripting

Duplicate Page WordPress plugin = 4.4.2 contains a stored cross-site scripting caused by unsanitized Duplicate Post Suffix settings in output, letting high privilege users execute malicious scripts, exploit requires high privilege user role. id: CVE-2021-24681 info: name: Duplicate Page WordPress...

WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection

The WordPress WP-Advanced-Search plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update

The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admininit function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the...

WordPress Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Remote Code Execution

Print Invoice & Delivery Notes for WooCommerce plugin for WordPress = 5.8.0 contains a remote code execution caused by missing capability check, PHP enabled in Dompdf, and missing escape in template.php, letting unauthenticated attackers execute code on the server. id: CVE-2025-13773 info: name:...

WordPress ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover

Hippoo Mobile App for WooCommerce WordPress plugin = 1.9.4 contains an authentication bypass caused by logic conflation in user permission checks, letting unauthenticated attackers take over administrator accounts via REST API password reset. id: CVE-2026-10580 info: name: Hippoo Mobile App for...

JoomSport <= 5.7.7 - SQL Injection

The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause. id: CVE-2026-42647 info: name: JoomSport =...

WordPress Burst Statistics 3.4.0-3.4.1.1 - Authentication Bypass

Burst Statistics – Privacy-Friendly WordPress Analytics plugin 3.4.0 to 3.4.1.1 contains an authentication bypass caused by incorrect return-value handling in ismainwpauthenticated function, letting unauthenticated attackers impersonate administrators, exploit requires knowledge of an administrat...

Campaign Monitor for WordPress - Information Disclosure

Campaign Monitor for WordPress plugin for WordPress versions up to 2.8.15 contains a full path disclosure caused by improper access restriction and enabled displayerrors in /forms/views/admin/create.php, letting unauthenticated attackers retrieve server paths, exploit requires displayerrors to be...

Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to and including 1.7.1 via the templateredirect function. The plugin registers 'hippooserve' as a WordPress query variable and uses it to serve PWA files from the pwa/ directory. In...

W3 Total Cache < 2.8.2 - Log File Exposure

The plugin is vulnerable to Information Exposure through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF...

WordPress MapPress Maps <= 2.96.6 - Unauthenticated IDOR

MapPress Maps for WordPress = 2.96.6 contains an authorization bypass caused by missing ownership verification in REST API routes, letting unauthenticated attackers read any map data and authenticated contributors modify any map, exploit requires crafted API requests id: CVE-2026-8839 info: name:...

WordPress Product Slider Pro for WooCommerce < 3.5.4 - Supply Chain Backdoor RCE

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. id: CVE-2026-49777 info: name: WordPress Product Slider Pro f...

Drag and Drop Multiple File Upload - CF7 <= 1.3.9.6 - Remote Code Execution

Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin = 1.3.9.6 contains an unrestricted file upload caused by insufficient file type validation and bypass of filename sanitization with non-ASCII characters, letting unauthenticated attackers upload arbitrary files and achieve...

WordPress Bookit < 2.5.1 - Unauthenticated Stripe Settings Update

Bookit WordPress plugin 2.5.1 contains a broken access control vulnerability caused by a publicly accessible REST endpoint allowing unauthenticated update of Stripe payment options, letting remote attackers modify payment settings without authentication. id: CVE-2025-12841 info: name: WordPress...

WordPress Qubely < 1.8.6 - Unauthenticated Email Sending

Qubely WordPress plugin 1.8.6 contains an insecure deserialization caused by unauthenticated users being able to send arbitrary emails via the qubelysendformdata AJAX action, letting attackers send spam or malicious emails, exploit requires no authentication. id: CVE-2021-24916 info: name:...

Ninja Forms File Uploads <= 3.3.26 - Arbitrary File Upload

Ninja Forms File Uploads plugin for WordPress versions up to and including 3.3.26 is vulnerable to unauthenticated arbitrary file upload which could lead to remote code execution. id: CVE-2026-0740 info: name: Ninja Forms File Uploads = 3.3.26 - Arbitrary File Upload author: whattheslime severity...

Blinko <= 1.8.3 - Path Traversal via /plugins

Blinko = 1.8.3 contains a path traversal caused by improper path concatenation without verification in the plugin file server endpoint, letting remote attackers access arbitrary files, exploit requires network access. id: CVE-2026-23483 info: name: Blinko = 1.8.3 - Path Traversal via /plugins...

Breeze <= 2.4.4 - Arbitrary File Upload

Breeze Cache WordPress plugin = 2.4.4 contains an unrestricted file upload vulnerability caused by missing file type validation in 'fetchgravatarfromremote' function, letting unauthenticated attackers upload arbitrary files, exploit requires 'Host Files Locally - Gravatars' enabled. id:...