EUVD-2026-26754

The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval on user-supplied Display Logic...

CVE-2026-4063 Social Icons Widget & Block <= 4.5.8 - Missing Authorization to Authenticated (Subscriber+) Sharing Configuration Creation

The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the addmenuitem method hooked to adminmenu in all versions up to, and including, 4.5.8. This is due to the method performing wpinsertpost and...

WordPress plugin Social Icons Widget & Block by WPZOOM 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress Plugin Social Icons Widget Block 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Plugin WPZOOM Social Feed Widget & Block 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

Fedora 36 : wordpress (2022-4e099582c7)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-4e099582c7 advisory. WordPress 6.0.3 Security Release Security updates included in this release Stored XSS via wp-mail.php post by email Toshitsugu Yoneyama of Mitsui Bussan Secu...

WordPress 5.8.x < 5.8.6 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A stored Cross-Site Scripting XSS via wp-mail.php post by email. - An open redirect in wpnonceays. - Sender's email address is exposed in wp-mail.php. - A Cross-Site...

WordPress 4.5.x < 4.5.28 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A stored Cross-Site Scripting XSS via wp-mail.php post by email. - An open redirect in wpnonceays. - Sender's email address is exposed in wp-mail.php. - A Cross-Site...

WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability in the Widget block discovered in WordPress core versions = 6.0.2 Solution Update the WordPress to the latest available version at least 6.0.3...

Magento Community Edition 2.0.x < 2.0.17 Multiple Vulnerabilities

Binary data 700417.prm...