43 matches found
CVE-2025-12375
The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. This is due to insufficient validation of user-supplied URLs before passing them to the downloadur...
CVE-2026-27092 WordPress WPAdverts plugin <= 2.3.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPAdverts: from n/a through <= 2.3.0...
CVE-2025-12375
CVE-2025-12375 refers to a Server-Side Request Forgery in the Printful Integration for WooCommerce plugin for WordPress. The vulnerability exists in all versions up to and including 2.2.11 and is triggered via the advanced size chart REST API endpoint, due to insufficient validation of user-suppl...
PT-2026-20770
Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPAdverts: from n/a through <= 2.2.11...
WordPress WPAdverts plugin <= 2.2.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin WPAdverts versions <= 2.2.11...
EUVD-2025-205246
Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.11...
CVE-2025-68589
Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.12...
CVE-2025-68589 WordPress WP Telegram Widget and Join Link plugin <= 2.2.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.12...
PT-2025-53277
Name of the Vulnerable Software and Affected Versions: WP Socio WP Telegram Widget and Join Link versions through 2.2.11 Description: The WP Telegram Widget and Join Link software contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized...
CVE-2025-27274
Path Traversal: '.../...//' vulnerability in axelkeller GPX Viewer gpx-viewer allows Path Traversal. This issue affects GPX Viewer: from n/a through <= 2.2.11...
CVE-2025-27274
CVE-2025-27274: WordPress GPX Viewer (NotFound GPX Viewer) is affected up to version 2.2.11 by a path traversal vulnerability. Root cause is a path traversal flaw in the GPX Viewer component. Remediation: update to GPX Viewer 2.2.11 or later (patched). Exploitation details are not provided in the...
CVE-2025-27274 WordPress GPX Viewer plugin <= 2.2.11 - Path Traversal vulnerability
Path Traversal: '.../...//' vulnerability in axelkeller GPX Viewer gpx-viewer allows Path Traversal. This issue affects GPX Viewer: from n/a through <= 2.2.11...
WordPress SEUR Oficial Plugin <= 2.2.11 is vulnerable to Cross Site Scripting (XSS)
Software: SEUR Oficial; Type: Plugin; Vulnerable versions: <= 2.2.11; Fixed in: 2.2.12; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9438; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 09ee4a264f33; Credits: vgo0; Required...
MB Connect Line mbNET.mini OS Command Injection Vulnerability
MB Connect Line mbNET.mini is an industrial router from MB Connect Line, Germany. An operating system command injection vulnerability exists in MB Connect Line mbNET.mini version 2.2.11 and earlier, which stems from an improper neutralization of special elements used in operating system commands,...
CVE-2024-4372
The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...
WordPress plugin WP Club Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-24807 · Unknown · Wp Club Manager
Name of the Vulnerable Software and Affected Versions: WP Club Manager versions 2.2.11 and earlier Description: A Missing Authorization issue has been identified. Recommendations: For WP Club Manager versions 2.2.11 and earlier, update to a version later than 2.2.11 to resolve the issue...
WordPress WP Club Manager plugin <= 2.2.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin WP Club Manager versions <= 2.2.11...
PT-2024-23934 · Unknown · Rapidload Power-Up For Autoptimize
Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize versions 2.2.11 and earlier Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability. This means an attacker can potentially trick the server into making unauthorized requests, leading to...