580 matches found

NVD
added 2025/04/08 12:15 p.m. · 12 views

CVE-2025-2876

The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress are vulnerable to unauthorized loss of data due to a missing capability check on the 'monitoradminactions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user...

CVSS 8.2 · EPSS 0.00477
Exploits: 0 · References: 4

CVE
added 2025/04/04 3:59 p.m. · 45 views

CVE-2025-32269

Technical details about CVE-2025-32269 are not publicly provided in the supplied documents; the connected sources do not reveal affected versions, exploit information, or fixes. Monitor for official updates.

CVSS 4.3 · AI score 7.2 · EPSS 0.00287
Exploits: 0 · References: 1

Cvelist
added 2025/04/04 3:59 p.m. · 11 views

CVE-2025-32197 WordPress Piotnet Addons For Elementor plugin <= 2.4.36 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in piotnetdotcom Piotnet Addons For Elementor piotnet-addons-for-elementor allows Stored XSS. This issue affects Piotnet Addons For Elementor: from n/a through <= 2.4.36...

CVSS 6.5 · EPSS 0.00883
Exploits: 0 · References: 1

Vulnrichment
added 2025/03/27 10:55 a.m. · 4 views

CVE-2025-30863 WordPress Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms integration-for-contact-form-7-and-google-sheets allows Cross Site Request Forgery. This issue affects Integration for Google Sheets and Contact Form 7,...

CVSS 4.3 · AI score 7.3 · EPSS 0.00423
Exploits: 0 · References: 1

RedhatCVE
added 2025/03/21 7:19 a.m. · 11 views

CVE-2024-13410

The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajaxhandler' function. This makes it possible for...

CVSS 9.8 · AI score 8 · EPSS 0.00541
Exploits: 0 · References: 1

NVD
added 2025/03/19 7:15 a.m. · 5 views

CVE-2024-13410

The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajaxhandler' function. This makes it possible for...

CVSS 9.8 · EPSS 0.00541
Exploits: 0 · References: 3

Wordfence Blog
added 2025/03/13 2:48 p.m. · 35 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 3, 2025 to March 9, 2025)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

CVSS 5.1 · AI score 9.7 · EPSS 0.2862
Exploits: 16

VulnCheck KEV
added 2025/03/11 12:00 a.m. · 1 view

VulnCheck KEV: CVE-2024-9593

The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 for Time Clock and 1.1.4 for Time Clock Pro via the 'etimeclockwploadfunctioncallback' function. This allows unauthenticated attackers to execute...

CVSS 8.3 · AI score 5.9 · EPSS 0.85505
Exploits: 1 · References: 1

RedhatCVE
added 2025/03/07 9:52 a.m. · 3 views

CVE-2024-5667

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Featherlight.js JavaScript library versions 1.7.13 to 1.7.14 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 · AI score 6 · EPSS 0.00205
Exploits: 0 · References: 1

NVD
added 2025/03/05 10:15 a.m. · 3 views

CVE-2024-5667

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Featherlight.js JavaScript library versions 1.7.13 to 1.7.14 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 · EPSS 0.00205
Exploits: 0 · References: 3

Cvelist
added 2025/03/05 9:21 a.m. · 10 views

CVE-2024-5667 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Featherlight.js JavaScript library versions 1.7.13 to 1.7.14 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 · EPSS 0.00205
Exploits: 0 · References: 3

CVE
added 2025/03/05 9:21 a.m. · 46 views

CVE-2024-5667

CVE-2024-5667 concerns Stored DOM-Based Cross-Site Scripting via the Featherlight.js library bundled in multiple WordPress plugins. The Connected Documents confirm concrete details: authenticated attackers with contributor+ access can inject scripts that execute on users’ pages. The root cause is...

CVSS 6.4 · AI score 6 · EPSS 0.00205
Exploits: 0 · References: 3

Vulnrichment
added 2025/03/05 9:21 a.m. · 4 views

CVE-2024-5667 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Featherlight.js JavaScript library versions 1.7.13 to 1.7.14 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 · AI score 6 · EPSS 0.00205
Exploits: 0 · References: 3

Wordfence Blog
added 2025/02/27 3:56 p.m. · 52 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 17, 2025 to February 23, 2025)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

CVSS 9.8 · AI score 10 · EPSS 0.21868
Exploits: 43

CVE
added 2025/02/19 11:10 a.m. · 56 views

CVE-2025-0916

CVE-2025-0916 concerns the WordPress plugin family “YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service”. Connected sources confirm a stored XSS vulnerability in versions 2.4.9 through 2.6.2 caused by insufficient input sanitization and output escapi...

CVSS 7.2 · AI score 6.3 · EPSS 0.00544
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2025/02/12 12:00 a.m. · 3 views

PT-2025-6806 · Saadiqbal +2 · Advanced File Manager – Ultimate Wp File Manager/Document Library Solution +2

Name of the Vulnerable Software and Affected Versions: elFinder versions prior to 2.1.65
Description: Several WordPress plugins utilizing elFinder are susceptible to Directory Traversal, allowing unauthenticated attackers to delete arbitrary files. Exploitation requires the site owner to make an...

CVSS 6.5 · AI score 6.3 · EPSS 0.02267
Exploits: 0 · References: 17

Cvelist
added 2025/02/07 10:11 a.m. · 14 views

CVE-2025-25125 WordPress Fyrebox Quizzes plugin <= 3.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CyrilG Fyrebox Quizzes fyrebox-shortcode allows Stored XSS. This issue affects Fyrebox Quizzes: from n/a through <= 3.1...

CVSS 7.1 · EPSS 0.0006
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/06 3:10 a.m. · 8 views

CVE-2016-15042

The Frontend File Manager versions 4.0, N-Media Post Front-end Form versions 1.1 plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the nmfilemanageruploadfile and nmpostfrontuploadfile AJAX actions. This makes it possible for unauthenticated...

CVSS 9.8 · AI score 8 · EPSS 0.75827
Exploits: 2 · References: 1

RedhatCVE
added 2025/02/05 7:50 p.m. · 2 views

CVE-2022-40700

Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress a...

CVSS 9.8 · AI score 8.4 · EPSS 0.00733
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 5:07 a.m. · 1 view

CVE-2024-10633

The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 Business, up to, and including, 21.8.0 Developer, and up to, and including, 31.8.0 Agency. This is due to the software allowing users to...

CVSS 7.3 · AI score 7.6 · EPSS 0.00342
Exploits: 0 · References: 1