CVE-2026-27047 WordPress Curly Core plugin <= 2.1.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Curly Core curly-core allows PHP Local File Inclusion. This issue affects Curly Core: from n/a through <= 2.1.6...
Exploit for CVE-2025-8489
100-days-challenge-day-21--WP scan WP Scan helped identify co...
CVE-2025-5092 Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library
Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library <= 2.8.3 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2021-11105
Malware in sbrugna...
PT-2025-26341 · WordPress · Grandplugins Image Sizes Controller +2
Name of the Vulnerable Software and Affected Versions: GrandPlugins Image Sizes Controller versions 1.0.0 through 1.0.9 Create Custom Image Sizes versions 1.0.0 through 1.0.9 Disable Image Sizes versions 1.0.0 through 1.0.9 Description: The issue is related to a Missing Authorization vulnerabilit...
CVE-2021-24192
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Tree Sitemap WordPress plugin before 2.9 to install any plugin, including a specific version from the WordPress repository, as well as activate arbitrary plugins from the blog, which helps attackers install...
WordPress Bit File Manager 6.5.5 Race Condition / Code Injection
WordPress Bit File Manager plugin version 6.5.5 proof of concept race condition exploit that achieves remote code execution. | Title : WordPress Bit File...
Exploit for Path Traversal in Grafana
Automated Exploit Tool for Grafana CVE-2021-43798...
WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins
Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The...
PT-2024-39622 · WordPress · Gmw-Premium-Settings +1
Name of the Vulnerable Software and Affected Versions: GEO my WP WordPress plugin versions prior to 4.5 gmw-premium-settings WordPress plugin versions prior to 3.1 Description: The issue is related to insufficient validation of files to be uploaded, which could allow attackers to upload arbitrary...
CVE-2024-10924
The Really Simple Security Free, Pro, and Pro Multisite plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1603 more potentially affected by CVE-2024-47804 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.462.2)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2024-47804 Source advisory: OSV:GHSA-F9QJ-77Q2-H5C5...
CVE-2023-46619 WordPress Spider Facebook Plugin <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions...
DEBIAN-CVE-2023-45133
Babel is a compiler for writing JavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...
Cross-Site Request Forgery (CSRF)
Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery leading to unauthorized installation of plugins, due to a missing nonce check on the 'handle_installation' function that is called via the 'inisev_installation' AJAX action in various versions. This makes it possible for...
Arbitrary command execution on Windows
Description: Opening files from an untrusted directory can lead to execution of arbitrary commands on Windows systems. This is possible because a malicious file can carry the same name as a trusted executable, and Windows gives priority to the current directory when searching for executables. Several...
PT-2023-12446 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns over 70 plugins and themes that are vulnerable to Cross-Site Request Forgery due to improperly implemented nonce protection that could be bypassed. Recommendation...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1593 more potentially affected by CVE-2020-2220 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.23)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2020-2220 Source advisory: OSV:GHSA-QGJ4-RC8M-44MQ...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1191 more potentially affected by CVE-2015-1811 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.596)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.3, =1.0, =1.0.3, =1.0.0, =1.0, =1.0.0, =2.2.0, =1.0-beta-1, =4.18 - com.boxuk.jenkins:jslint =0.7.4 and more Source cves: CVE-2015-1811 Source advisory: OSV:GHSA-QG7X-4H4Q-3M49...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +698 more potentially affected by CVE-2013-7330 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.480.2)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.9, =1.0, =1.0, =1.0-beta-1, =2.1, =1.0, =1.0, =0.1, =0.1, =0.17 and more Source cves: CVE-2013-7330 Source advisory: OSV:GHSA-H5JV-HG68-MJHG...