82 matches found

Cvelist
added 2026/05/20 4:27 a.m. | 36 views

CVE-2026-7522 Advanced Database Cleaner – Premium <= 4.1.0 - Authenticated (Subscriber+) Local File Inclusion via 'template'

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

CVSS 8.8 | EPSS 0.00109
Exploits: 0 | References: 3

CVE
added 2026/05/06 9:27 a.m. | 4 views

CVE-2026-1719

CVE-2026-1719 concerns the Gravity Bookings Premium WordPress plugin. Affected: Gravity Bookings Premium plugin for WordPress (versions up to and including 2.5.9). Issue: SQL Injection due to insufficient escaping of user-supplied input and inadequate preparation of the existing SQL query, enabli...

CVSS 7.5 | AI score 5.9 | EPSS 0.00084
Exploits: 0 | References: 2

Patchstack
added 2026/02/02 8:4 a.m. | 3 views

WordPress ARMember Premium plugin <= 6.7 - Cross-Site Request Forgery via multiple functions vulnerability

Cross-Site Request Forgery via multiple functions vulnerability discovered by István Márton - Wordfence in WordPress Plugin ARMember Premium versions <= 6.7...

CVSS 6.3 | AI score 5.3 | EPSS 0.00109
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2026/01/07 12:16 p.m. | 2 views

CVE-2025-14719

The Relevanssi WordPress plugin before 4.26.0, Relevanssi Premium WordPress plugin before 2.29.0 do not sanitize and escape a parameter before using it in a SQL statement, allowing contributor and above roles to perform SQL injection attacks...

CVSS 4.9 | EPSS 0.00043
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-43521

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.1 | EPSS 0.00346
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 4:52 a.m. | 5 views

CVE-2023-46614

Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin <= 4.5.1 versions...

CVSS 8.8 | AI score 8.5 | EPSS 0.00053
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:57 a.m. | 0 views

CVE-2023-1069

The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPress plugin before 6.4.2 do not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform...

CVSS 5.4 | AI score 6.7 | EPSS 0.00252
Exploits: 2 | References: 1

GithubExploit
added 2024/09/12 2:40 p.m. | 89 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Villatheme Woocommerce_Photo_Reviews

CVE-2024-8277 - Authentication Bypass in WooCommerce Photo Revie...

CVSS 9.8 | AI score 9.7 | EPSS 0.5214
Exploits: 1

NVD
added 2024/06/05 1:15 p.m. | 15 views

CVE-2024-3469

The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

CVSS 6.1 | AI score 6 | EPSS 0.10663
Exploits: 0 | References: 2

Positive Technologies
added 2024/06/05 12:0 a.m. | 2 views

PT-2024-26109

Name of the Vulnerable Software and Affected Versions: GP Premium plugin for WordPress versions up to, and including, 2.4.0. Description: The issue is related to Reflected Cross-Site Scripting via the message parameter due to insufficient input sanitization and output escaping. This allows...

CVSS 6.1 | AI score 6.1 | EPSS 0.10663
Exploits: 0 | References: 7

Vulnrichment
added 2024/03/28 6:55 a.m. | 13 views

CVE-2022-45850 WordPress Image Map Pro premium plugin < 5.6.9 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS. This issue affects Image Map Pro: from n/a before 5.6.9...

CVSS 6.1 | AI score 6.8 | EPSS 0.002
Exploits: 0 | References: 1

WPVulnDB
added 2024/02/06 12:0 a.m. | 20 views

BookIt <= 2.4.0 - Price Bypass

Description: The Booking Calendar | Appointment Booking | BookIt plugin for WordPress is vulnerable to Price Bypass in versions up to and including 2.4.0. This makes it possible for site owners to make use of premium plugin features without paying. Note that this does not meaningfully negatively...

CVSS 6.4 | AI score 6.8 | EPSS 0.00196
Exploits: 0 | References: 1 | Affected Software: 1

OpenVAS
added 2023/12/01 12:0 a.m. | 12 views

WordPress Complianz - GDPR/CCPA Cookie Consent Premium Plugin < 6.4.8 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:really-simple-plugins:complianzpremium"; if description...

CVSS 8.8 | AI score 8.8 | EPSS 0.00137
Exploits: 0 | References: 1

Prion
added 2023/11/09 6:15 p.m. | 14 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin <= 4.5.1 versions...

CVSS 6.8 | AI score 7.2 | EPSS 0.00053
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/11/09 6:6 p.m. | 10 views

CVE-2023-46614 WordPress WP Helper Premium Plugin <= 4.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin <= 4.5.1 versions...

CVSS 5.4 | AI score 7.4 | EPSS 0.00053
Exploits: 0 | References: 1

CVE
added 2023/11/09 6:6 p.m. | 67 views

CVE-2023-46614

CVE-2023-46614 affects the WordPress WP Helper Premium plugin (

CVSS 8.8 | AI score 8.8 | EPSS 0.00053
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/11/09 6:6 p.m. | 16 views

CVE-2023-46614 WordPress WP Helper Premium Plugin <= 4.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin <= 4.5.1 versions...

CVSS 5.4 | AI score 9 | EPSS 0.00053
Exploits: 0 | References: 1

Patchstack
added 2023/10/24 12:0 a.m. | 9 views

WordPress WP Helper Premium Plugin <= 4.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WP Helper Premium; Type: Plugin; Vulnerable versions: <= 4.5.1; Fixed in: 4.5.2; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-46614; Patch priority: Low; CVSS severity: Low (5.4); PSID: 43454c2014be; Credits: Nguyen Xuan Chien...

CVSS 8.8 | AI score 6.6 | EPSS 0.00053
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2023/06/27 1:17 p.m. | 17 views

CVE-2023-1166 USM Premium < 16.3 - Admin+ Stored XSS

The USM-Premium WordPress plugin before 16.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup...

AI score 5 | EPSS 0.00095
Exploits: 3 | References: 1

OSV
added 2023/06/09 1:15 p.m. | 1 views

CVE-2023-2284

The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxswitchdb function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make...

CVSS 4.3 | AI score 7.3 | EPSS 0.00088
Exploits: 0 | References: 2