386 matches found
WordPress User Messages <= 1.2.4 - Reflected XSS
WordPress User Messages plugin = 1.2.4 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to load a...
CVE-2026-54818 WordPress Slimstat Analytics plugin <= 5.4.11 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11...
CVE-2026-42752 WordPress Stripe Payments plugin <= 2.0.98 - Bypass Vulnerability vulnerability
Unauthenticated Bypass Vulnerability in Stripe Payments = 2.0.98 versions...
WordPress JetEngine plugin <= 3.8.10 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin JetEngine versions = 3.8.10...
WordPress plugin MW WP Form 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-40869
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menu hover click parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...
WordPress plugin WP YouTube Lyte 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-32523 WordPress WPJAM Basic plugin <= 6.9.2 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through = 6.9.2...
Exploit for Cross-Site Request Forgery (CSRF) in Internet-Formation Wp-Advanced-Search
CVE-2022-47447 POC CSRF - CVE-2022-47447 --- ⚠️ Uso exclu...
CVE-2025-68859
CVE-2025-68859 affects the WordPress plugin Syntax Highlighter Compress (versions up to and including 3.0.83.3). Root cause: Improper neutralization of input during web page generation , leading to a Reflected XSS vulnerability. Affected scope is stated as Syntax Highlighter Compress: from n/a th...
WordPress plugin Omnichannel for WooCommerce has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2025-13935
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'markcoursecomplete' function. This makes it possible for authenticated...
CVE-2023-4243
The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing...
CVE-2025-68867 WordPress Effect Maker plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in anibalwainstein Effect Maker effect-maker allows DOM-Based XSS.This issue affects Effect Maker: from n/a through = 1.2.1...
CVE-2025-15058 Responsive Pricing Table <= 5.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'table_currency'
The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tablecurrency' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-67519 WordPress Ninja Tables plugin <= 5.2.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows SQL Injection.This issue affects Ninja Tables: from n/a through = 5.2.3...
WordPress dream gallery plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action vulnerability discovered by dayea song - Ahnlab in WordPress Plugin dream gallery versions = 1.0...
WordPress plugin URL Image Importer 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
PT-2025-45545
Name of the Vulnerable Software and Affected Versions Course Booking System versions prior to 6.1.6 Description The Course Booking System plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check in the csv-export.php file. An unauthenticat...
EUVD-2025-37981
The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a doshortco...