8 matches found
CVE-2026-12738
CVE-2026-12738 affects WP Easy Pay
CVE-2025-11454
The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eosscfmduplicatepostasdraft function in all versions up to, and including, 0.5.5 due to insufficient escaping on the user supplied parameter and lack of...
EUVD-2025-124905
The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eosscfmduplicatepostasdraft function in all versions up to, and including, 0.5.5 due to insufficient escaping on the user supplied parameter and lack of...
Pz-LinkCard < 2.5.3 - Contributor+ SSRF
Description The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks. Setup a listener on a localhost/LAN host such as nc -l 127.0.0.1 9000, then as a contributor, put the followi...
CVE-2024-1318
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzywizardstepprocess' and 'importstatus' functions in all versions up to, and...
PageLayer < 1.8.0 - Author+ Stored XSS
Description The plugin doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfilteredhtml is disallowed, such as in multi-site WordPress configurations. - As a user with Author+ capabilities, create a new pos...
PageLayer < 1.7.8 - Author+ Stored XSS
Description The plugin doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code. - As a user with Author+ capabilities, create a new post draft - Save it, then edit it using the PageLayer page builder - Navigate to the...
PageLayer < 1.7.8 - Author+ Stored XSS
Description The plugin doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code. PoC - As a user with Author+ capabilities, create a new post draft - Save it, then edit it using the PageLayer page builder - Navigate to...