53 matches found
WordPress Content Mask plugin <= 1.8.5.3 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Nabil Irawan in WordPress Plugin Content Mask versions = 1.8.5.3...
CVE-2025-58012
CVE-2025-58012 relates to the WordPress Content Mask plugin. The connected documentation provides concrete details: Content Mask versions up to 1.8.5.2 are affected, with an Authenticated (Author+) condition leading to a Server-Side Request Forgery (SSRF) scenario as described in the Wordfence vu...
PT-2025-38959
Name of the Vulnerable Software and Affected Versions WP Content Protection versions through 1.3 Description A Cross-Site Request Forgery CSRF issue exists in Shankaranand Maurya WP Content Protection, which also allows Stored Cross-Site Scripting XSS. The issue allows for potential malicious...
CVE-2025-10188
The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the bulkremove function. This makes it possible for unauthenticated attackers to arbitrar...
CVE-2025-47536 WordPress Content Egg plugin <= 7.0.0 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in keywordrush Content Egg content-egg allows Object Injection.This issue affects Content Egg: from n/a through = 7.0.0...
CVE-2024-0437
The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or...
CVE-2025-47501 WordPress Content Control plugin <= 2.6.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Iser Content Control content-control allows DOM-Based XSS.This issue affects Content Control: from n/a through = 2.6.1...
CVE-2025-47501
CVE-2025-47501 : DOM-based XSS in WordPress plugin Content Control (
WordPress plugin Content Blocks 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Content Blocks Builder plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Caesar Evan Santoso Patchstack Alliance in WordPress Plugin Content Blocks Builder versions = 2.7.6...
WordPress Content Slider Block Plugin <= 3.1.5 is vulnerable to Sensitive Data Exposure
Software Content Slider Block Type Plugin Vulnerable versions = 3.1.5 Fixed in 3.1.6 OWASP Top 10 A3: Injection Classification Sensitive Data Exposure CVE CVE-2024-10667 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID abf2f7c885a5 Credits Francesco Carlucci Required...
WordPress Content Syndication Toolkit Reader Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)
Software Content Syndication Toolkit Reader Type Plugin Vulnerable versions = 1.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51696 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4c15b730abc5 Credits João Pedro S...
PT-2024-15561 · WordPress · Password Protect
Name of the Vulnerable Software and Affected Versions: Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease versions up to, and including, 2.6.6 Description: The issue allows authenticated attackers with subscriber access or higher to extract post titles and...
WordPress Content Views plugin <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via pagingType Parameter vulnerability discovered by wesley wcraft in WordPress Plugin Content Views versions = 3.7.1...
WordPress Content Views Plugin <= 3.7.1 is vulnerable to Cross Site Scripting (XSS)
Software Content Views Type Plugin Vulnerable versions = 3.7.1 Fixed in 3.7.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4446 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID db0528283bdc Credits wesley wcraft Required...
WordPress Content Views Plugin <= 3.7.0 is vulnerable to Cross Site Scripting (XSS)
Software Content Views Type Plugin Vulnerable versions = 3.7.0 Fixed in 3.7.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3929 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0486765092e3 Credits wesley wcraft Required...
WordPress Content Control plugin <= 2.1.0 - Missing Authorization to Sensitive Information Exposure vulnerability
Missing Authorization to Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin Content Control versions = 2.1.0...
WordPress Content Control Plugin <= 2.1.0 is vulnerable to Broken Access Control
Software Content Control Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0615 Patch priority Low CVSS severity Low 5.3 Developer Code Atlantic LLC PSID 3c7e15ef621e Credits Francesco Carlucci Required...
CVE-2024-1478
The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by th...
WordPress Content Cards Plugin <= 0.9.7 is vulnerable to Cross Site Scripting (XSS)
Software Content Cards Type Plugin Vulnerable versions = 0.9.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-24928 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6115f90df15e Credits Ngô Thiên An ancorn from VNPT-VCI Required...