Patreon WordPress <1.7.0 - Unauthenticated Local File Inclusion

Patreon WordPress before version 1.7.0 is vulnerable to unauthenticated local file inclusion that could be abused by anyone visiting the site. Exploitation by an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the...

CVE-2026-42411

CVE-2026-42411 affects the WordPress CloudSecure WP Security plugin (versions

WordPress plugin TypeSquare Webfonts for ConoHa 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress Visionary Core plugin <= 1.4.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Visionary Core versions = 1.4.9...

CVE-2016-10964

The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header...

CVE-2016-10920

The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS...

CVE-2022-0830

The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put...

CVE-2022-0600

The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting...

CVE-2017-18563

The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen...

CVE-2017-18554

The analytics-tracker plugin before 1.1.1 for WordPress has XSS via a search event...

CVE-2019-20141

An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter...

CVE-2024-2019

The WP-DB-Table-Editor plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to lack of a default capability requirement on the 'dbterender' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated...

WordPress plugin Cincopa video and media plugin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-66075

Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through = 4.0.3...

WordPress NextMove Lite plugin <= 2.23.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin NextMove Lite versions = 2.23.0...

EUVD-2017-9151

Malware in sbrugna...

EUVD-2018-17435

Malware in sbrugna...

EUVD-2014-4645

Malware in sbrugna...

EUVD-2021-23464

Malware in sbrugna...

EUVD-2016-1896

Malware in sbrugna...