Exploit for CVE-2025-6934
CVE-2025-6934 – WordPress Opal Estate Pro Exploitation 📖...
PT-2025-34740
Name of the Vulnerable Software and Affected Versions: Dokan Pro versions prior to 4.0.6
Description: The Dokan Pro plugin for WordPress is susceptible to privilege escalation via account takeover. The issue stems from insufficient user identity validation during staff password resets, allowing...
CVE-2023-3411
The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing nonce validation on the ajaxstoresave function. This makes it possible for unauthenticated...
CVE-2024-6693
CVE-2024-6693 affects the wccp-pro WordPress plugin. Versions prior to 15.3 do not sanitize/escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). The impact is Stored XSS within admin-facing content/configs; ...
CVE-2024-7063
CVE-2024-7063 affects ElementsKit Pro for WordPress, with Sensitive Information Exposure via render_raw in all versions up to 3.6.6. The issue requires authentication (Contributor+), allowing an authenticated user to exfiltrate sensitive data such as private, future, and draft posts. Connected so...
CVE-2023-4827 File Manager Pro < 1.8 - Remote Code Execution via CSRF
The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell...
CVE-2022-4158
The CVE-2022-4158 entry concerns the Contest Gallery WordPress plugin (versions prior to 19.1.5.1) and Contest Gallery Pro (prior to 19.1.5.1). The vulnerability arises from failing to escape the cg_Fields POST parameter before concatenating it into an SQL query within users-registry-check-regist...
CVE-2022-3539
The CVE-2022-3539 issue affects the WordPress plugins Testimonials (before 2.7) and Super Testimonial Pro (before 1.0.8). The root cause is a lack of sanitization and escaping of plugin settings, enabling high-privilege users (e.g., admins) to perform cross-site scripting (XSS) even when the unfi...
CVE-2021-24949
CVE-2021-24949 concerns The Plus Addons for Elementor Pro WordPress plugin (pre-5.0.7). The WP Search Filters widget fails to sanitise and escape the option parameter before using it in a SQL statement, enabling unauthenticated SQL injection. Affected product: The Plus Addons for Elementor Pr...