
105 matches found

RedhatCVE
added 2025/05/23 10:35 a.m., 8 views

CVE-2024-8713

The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVSS 6.1, AI score 6.4, EPSS 0.01344
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 8:18 a.m., 2 views

CVE-2024-10937

The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wpajaxnoprivrelatedpostajaxgetpostids AJAX action. This makes it possible for...

CVSS 5.3, AI score 6, EPSS 0.00405
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 5:2 a.m., 3 views

CVE-2023-27423

Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto Prune Posts plugin <= 1.8.0 versions...

CVSS 8.8, AI score 7.1, EPSS 0.00104
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 3:35 a.m., 9 views

CVE-2023-6731

The WP Show Posts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with subscriber access and above, to view arbitrary pos...

CVSS 4.3, AI score 6.6, EPSS 0.00185
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 1:7 a.m., 6 views

CVE-2022-46814

Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lebedel Kodex Posts likes plugin <= 2.4.3 versions...

CVSS 8.8, AI score 7.1, EPSS 0.00106
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 7:22 p.m., 5 views

CVE-2021-24537

The Similar Posts WordPress plugin through 3.1.5 allows high privilege users to execute arbitrary PHP code in a hardened environment (i.e. with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true) via the 'widgetrrmsimilarpostscondition' widget setting of the plugin...

CVSS 7.2, AI score 7.5, EPSS 0.01033
Exploits: 2, References: 1

RedhatCVE
added 2025/05/22 9:33 a.m., 5 views

CVE-2015-9361

The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg and remove_query_arg...

CVSS 6.1, AI score 6, EPSS 0.0019
Exploits: 0, References: 1

RedhatCVE
added 2025/05/17 9:3 p.m., 6 views

CVE-2024-10639

The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8, AI score 5.7, EPSS 0.00166
Exploits: 1, References: 1

Cvelist
added 2025/04/11 8:42 a.m., 18 views

CVE-2025-32579 WordPress Sync Posts Plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts sync-posts allows Upload a Web Shell to a Web Server. This issue affects Sync Posts: from n/a through <= 1.0...

CVSS 9.9, EPSS 0.00267
Exploits: 1, References: 1

NVD
added 2025/03/20 6:15 a.m., 5 views

CVE-2024-13881

The Link My Posts WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1, EPSS 0.00136
Exploits: 1, References: 1

Patchstack
added 2025/03/06 11:53 p.m., 2 views

WordPress Related Post plugin <= 2.0.59 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Related Post versions <= 2.0.59...

CVSS 6.1, AI score 5.9, EPSS 0.00175
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2025/02/24 3:14 p.m., 3 views

WordPress Get Posts plugin <= 0.6 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting (XSS) vulnerability discovered by theviper17 in WordPress Plugin Get Posts versions <= 0.6...

CVSS 6.5, AI score 5.8, EPSS 0.00057
Exploits: 0, Affected Software: 1

Patchstack
added 2025/02/24 3:12 p.m., 3 views

WordPress WP Video Posts plugin <= 3.5.1 - CSRF to Remote Code Execution (RCE) vulnerability

CSRF to Remote Code Execution (RCE) vulnerability discovered by johska in WordPress Plugin WP Video Posts versions <= 3.5.1...

CVSS 8.3, AI score 7.5, EPSS 0.00227
Exploits: 0, Affected Software: 1

Cvelist
added 2025/01/16 8:5 p.m., 13 views

CVE-2025-23476 WordPress my-related-posts plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in isnowfy my-related-posts my-related-posts allows Stored XSS. This issue affects my-related-posts: from n/a through <= 1.1...

CVSS 7.1, EPSS 0.00104
Exploits: 0, References: 1

CNNVD
added 2025/01/16 12:0 a.m., 2 views

WordPress plugin Mark Posts security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.4, AI score 8.3, EPSS 0.00101
Exploits: 0, References: 2

CVE
added 2025/01/07 4:21 a.m., 41 views

CVE-2024-12288

The CVE-2024-12288 entry concerns the WordPress plugin Simple add pages or posts. Connected Red Hat advisory RH:CVE-2024-12288 confirms a Cross-Site Request Forgery vulnerability in this plugin, arising from missing nonce validation, enabling unauthenticated attackers to update settings and injec...

CVSS 6.1, AI score 6, EPSS 0.00584
Exploits: 0, References: 3

Patchstack
added 2025/01/03 6:4 p.m., 3 views

WordPress Popular Posts plugin <= 7.1.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin Popular Posts versions <= 7.1.0...

CVSS 7.3, AI score 7.1, EPSS 0.01083
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2024/12/16 12:0 a.m., 1 views

WordPress plugin TPG Get Posts cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4, AI score 7.7, EPSS 0.0036
Exploits: 0, References: 4

Cvelist
added 2024/12/09 11:31 a.m., 13 views

CVE-2023-29237 WordPress Remove Duplicate Posts plugin <= 1.3.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Muhammad Rehman Remove Duplicate Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Remove Duplicate Posts: from n/a through 1.3.5...

CVSS 6.3, EPSS 0.00105
Exploits: 0, References: 1

Vulnrichment
added 2024/11/10 8:58 a.m., 12 views

CVE-2024-51584 WordPress Marquee Elementor with Posts plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anas2004 Marquee Elementor with Posts marquee-elementor allows DOM-Based XSS. This issue affects Marquee Elementor with Posts: from n/a through <= 1.2.0...

CVSS 6.5, AI score 5.9, EPSS 0.00143
Exploits: 0, References: 1