CVE-2026-23549

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through = 5.1.1...

WPGraphQL <= 0.2.3 - Multiple Vulnerabilities

Without authorisation, weak access controls allow us to: Create administrative users Post comments on articles bypassing article restrictions and global moderation Retrieve content of password-protected posts/articles/pages Retrieve full list of registered users in the platform Retrieve full list...

WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery

Exploit Title: Contact Form by WD CSRF → LFI Date: 2019-03-17 Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested on: WordPress 5.1.1 Description ----------- Plugin implements the followi...

WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery

WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery Exploit Title: Contact Form by WD CSRF → LFI Date: 2019-03-17 Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested o...

WordPress AND-AntiBounce 1.0.3 Open Redirection

Exploit Title : WordPress 5.1.1 WPBounce AND-AntiBounce Plugins 1.0.3 Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 27/03/2019 Vendor Homepage : devrix.com - wpbounce.com Software Information Links :...

WordPress Multiple Vulnerabilities (Mar 2019) - Windows

WordPress is prone to a cross-site request forgery CSRF vulnerability in a comment form which leads to HTML injection and cross-site scripting XSS attacks. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...