14 matches found

Positive Technologies
added 2026/02/25 12:0 a.m. · 6 views

PT-2026-21887

Name of the Vulnerable Software and Affected Versions: WPGSI: Spreadsheet Integration plugin for WordPress versions through 3.8.3. Description: The WPGSI: Spreadsheet Integration plugin for WordPress is susceptible to unauthorized modification and data loss. This is due to the absence of proper...

CVSS 7.5 · AI score 6 · EPSS 0.00357
Exploits: 0 · References: 13

NVD
added 2025/12/04 7:16 a.m. · 1 view

CVE-2025-12782

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.9.4. This is due to the plugin not properly verifying a user's authorization in the disable function. This makes it possible for authenticated attackers,...

CVSS 4.3 · EPSS 0.00246
Exploits: 0 · References: 2

RedhatCVE
added 2025/10/28 2:38 a.m. · 12 views

CVE-2025-62958

Cross-Site Request Forgery (CSRF) vulnerability in Clifton Griffin Simple Content Templates for Blog Posts & Pages simple-post-template allows Cross Site Request Forgery. This issue affects Simple Content Templates for Blog Posts & Pages: from n/a through <= 2.2.61...

CVSS 4.3 · AI score 6.9 · EPSS 0.00114
Exploits: 0 · References: 1

Cvelist
added 2025/10/27 1:34 a.m. · 9 views

CVE-2025-62958 WordPress Simple Content Templates for Blog Posts & Pages plugin <= 2.2.61 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Clifton Griffin Simple Content Templates for Blog Posts & Pages simple-post-template allows Cross Site Request Forgery. This issue affects Simple Content Templates for Blog Posts & Pages: from n/a through <= 2.2.61...

CVSS 4.3 · EPSS 0.00114
Exploits: 0 · References: 1

Vulnrichment
added 2025/10/27 1:34 a.m. · 4 views

CVE-2025-62958 WordPress Simple Content Templates for Blog Posts & Pages plugin <= 2.2.61 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Clifton Griffin Simple Content Templates for Blog Posts & Pages simple-post-template allows Cross Site Request Forgery. This issue affects Simple Content Templates for Blog Posts & Pages: from n/a through <= 2.2.61...

CVSS 4.3 · AI score 5.1 · EPSS 0.00114
Exploits: 0 · References: 1

CNNVD
added 2025/10/27 12:0 a.m. · 6 views

WordPress plugin Simple Content Templates for Blog Posts & Pages Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 4.3 · AI score 5.7 · EPSS 0.00114
Exploits: 0 · References: 1

Patchstack
added 2025/10/16 2:53 a.m. · 4 views

WordPress Simple Content Templates for Blog Posts & Pages plugin <= 2.2.61 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Simple Content Templates for Blog Posts & Pages versions <= 2.2.61...

CVSS 8.8 · AI score 7 · EPSS 0.00114
Exploits: 0 · Affected Software: 1

RedhatCVE
added 2025/05/23 2:37 a.m. · 4 views

CVE-2023-23826

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arsham Mirshah Add Posts to Pages plugin = 1.4.1 versions...

CVSS 6.5 · AI score 6.3 · EPSS 0.00358
Exploits: 0 · References: 1

WPVulnDB
added 2023/11/16 12:0 a.m. · 24 views

Elementor Addon Elements < 1.12.8 - Unauthenticated Post ID/Tile Disclosure

Description: The plugin does not have authorisation in its ajaxeaepostdata function, allowing unauthenticated users to retrieve the IDs and titles of arbitrary posts/pages (such as draft, private, etc.)...

CVSS 5.3 · AI score 7.3 · EPSS 0.00927
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2023/01/16 12:0 a.m. · 7 views

PT-2023-13672 · WordPress · Monsterinsights

Name of the Vulnerable Software and Affected Versions: MonsterInsights WordPress plugin versions prior to 8.9.1 Description: The issue allows an unauthenticated attacker to inject arbitrary web scripts into page titles by spoofing requests to Google Analytics, due to the lack of sanitization or...

CVSS 6.1 · AI score 6.8 · EPSS 0.01339
Exploits: 3 · References: 6

WPVulnDB
added 2022/08/01 12:0 a.m. · 19 views

WP Edit Menu <= 1.5.0 - Arbitrary Post Deletion via CSRF

The plugin does not have a CSRF check in an AJAX action, which could allow attackers to make a logged-in admin delete arbitrary posts/pages from the blog via a CSRF attack PoC...

CVSS 4.3 · AI score 5.1 · EPSS 0.00292
Exploits: 2 · Affected Software: 1

Cvelist
added 2021/12/13 10:41 a.m. · 24 views

CVE-2021-24845 Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts/Pages Access

The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to...

AI score 6.8 · EPSS 0.00995
Exploits: 2 · References: 1

Cvelist
added 2021/12/13 10:41 a.m. · 10 views

CVE-2021-24819 Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts/Pages Access

The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as...

AI score 4.9 · EPSS 0.00783
Exploits: 2 · References: 1

WPVulnDB
added 2014/08/01 10:58 a.m. · 5 views

Allow PHP in Posts & Pages <= 2.0.0.RC2 - SQL Injection

The Allow PHP in Posts and Pages WordPress plugin was affected by a SQL Injection security vulnerability...

AI score 2.9
Exploits: 0 · References: 1 · Affected Software: 1