PT-2026-26251

CVE-2026-28044 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Media WP Rocket allows Stored XSS.This issue affects WP Rocke… https://t.co/XDQeDGbZS2...

CVE-2026-2899

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the deleteFile method in the Uploader class lacking nonce verification and capability checks. The AJAX action is registered via...

CVE-2026-0724

The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wplyraccentcolor' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-14629 Alchemist Ajax Upload <= 1.1 - Missing Authorization to Unauthenticated Arbitrary Media File Deletion

The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'deletefile' function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary WordPress media...

CVE-2025-14629

The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'deletefile' function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary WordPress media...

CVE-2025-12640

CVE-2025-12640 concerns the WordPress plugin Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager . According to Wordfence, versions up to 3.1.5 are affected by an unauthorized arbitrary media replacement vulnerability caused by missing object-level authorizati...

EUVD-2025-206074

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection.This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4...

CVE-2025-12900 FileBird – WordPress Media Library Folders & File Manager <= 6.5.1 - Missing Authorization to Authenticated (Author+) Global Folders Tampering

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 6.5.1 via the "ConvertController::insertToNewTable" function due to missing validation on a user controlled key. This makes it possible f...

CVE-2025-12900

The CVE-2025-12900 entry concerns the WordPress FileBird plugin (FileBird – WordPress Media Library Folders & File Manager) with a vulnerability in all versions up to 6.5.1. Root cause: missing authorization in ConvertController::insertToNewTable due to insufficient validation on a user-controlle...

EUVD-2025-202999

The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the urlmediauploaderurluploadajaxhandler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-leve...

EUVD-2025-202032

Cross-Site Request Forgery CSRF vulnerability in wpmediadownload Media Library File Download media-download allows Cross Site Request Forgery.This issue affects Media Library File Download: from n/a through = 1.4...

CVE-2025-11510 FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function in all versions up to, and including, 6.4.9. This makes it possible for...

CVE-2025-52786 WordPress Media Folder plugin <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kingdom Creation Media Folder media-folder allows Reflected XSS.This issue affects Media Folder: from n/a through = 1.0.0...

WordPress Media Folder plugin <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Media Folder versions = 1.0.0...

Exploit for CVE-2025-23968

AI Bud – AI Content Generator, AI Chatbot, ChatGPT, Gemini, GP...

CVE-2025-49979 WordPress Media Hygiene plugin <= 4.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in slui Media Hygiene media-hygiene allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Hygiene: from n/a through = 4.0.1...

CVE-2025-49979

CVE-2025-49979 concerns the WordPress Media Hygiene plugin (versions

CVE-2025-49979 WordPress Media Hygiene plugin <= 4.0.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in slui Media Hygiene allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Hygiene: from n/a through 4.0.1...

CVE-2025-28948

Cross-Site Request Forgery CSRF vulnerability in codedraft Mediabay - WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4...

CVE-2025-28948

Cross-Site Request Forgery CSRF vulnerability in codedraft Mediabay - WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4...