CVE-2025-11986

CVE-2025-11986 affects the WordPress Crypto Tool plugin (

CVE-2025-11986 Crypto Tool <= 2.22 - Unauthenticated Information Exposure via Global Authentication State

The Crypto plugin for WordPress is vulnerable to Information exposure in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action wpajaxnoprivcryptoconnectajaxprocess that allows calling the register and savenft methods with only a...

CVE-2025-11988

The CVE-2025-11988 entry concerns the WordPress Crypto Tool plugin (versions

CVE-2025-11988 Crypto Tool <= 2.22 - Missing Authentication to Unauthenticated Limited File Deletion

The Crypto plugin for WordPress is vulnerable to unauthorized manipulation of data in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action wpajaxnoprivcryptoconnectajaxprocess that allows calling the cryptodeletejson method with only a...

WordPress Crypto Tool plugin <= 2.22 - Unauthenticated Information Exposure via Global Authentication State vulnerability

Unauthenticated Information Exposure via Global Authentication State vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Crypto versions = 2.22...

WordPress Crypto Tool plugin <= 2.22 - Missing Authentication to Unauthenticated Limited File Deletion vulnerability

Missing Authentication to Unauthenticated Limited File Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Crypto versions = 2.22...

EUVD-2017-18825

Malware in sbrugna...

PT-2025-28926 · Jenkins · Jenkins Sensedia Api Platform Tools Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Sensedia Api Platform Tools Plugin version 1.0 Description: The Jenkins Sensedia Api Platform Tools Plugin does not mask the Sensedia API Manager integration token on the global configuration form, potentially allowing attackers to...

CVE-2024-10588

The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from...

WordPress Greek Multi Tool – Fix peralinks, accents, auto create menus and more plugin <= 2.3.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Greek Multi Tool – Fix peralinks, accents, auto create menus and more versions = 2.3.1...

WordPress Debug Tool plugin <= 2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin Debug Tool versions = 2.2...

CVE-2024-10588

The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from...

CVE-2023-44245

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin = 4.0.0 versions...

WordPress WP Survey And Quiz Tool Plugin 1.2.1 - Cross-Site Scripting Vulnerability

This WP Survey And Quiz Tool plugin is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal cookie-based...