170 matches found
PT-2025-39012
Name of the Vulnerable Software and Affected Versions RIS Version Switcher versions through 1.0 Description A Cross-Site Request Forgery CSRF issue exists in RIS Version Switcher – Downgrade or Upgrade WP Versions Easily. This allows attackers to perform actions on behalf of an authenticated user...
Linux Distros Unpatched Vulnerability : CVE-2011-3818
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an...
Linux Distros Unpatched Vulnerability : CVE-2018-20152
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input. CVE-2018-20152 Note that Nessus reli...
Linux Distros Unpatched Vulnerability : CVE-2020-28037
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - isbloginstalled in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attack...
Linux Distros Unpatched Vulnerability : CVE-2017-9062
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. CVE-2017-9062 Note that Nessus relies on the presence of the...
Linux Distros Unpatched Vulnerability : CVE-2018-20150
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. CVE-2018-20150 Note that Nessus relies o...
Linux Distros Unpatched Vulnerability : CVE-2019-16222
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.2.3 has an issue with URL sanitization in wpksesbadprotocolonce in wp- includes/kses.php that can lead to cross-site scripting XSS attacks...
Linux Distros Unpatched Vulnerability : CVE-2023-38000
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Auth. Stored contributor+ Cross-Site Scripting XSS vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0...
Linux Distros Unpatched Vulnerability : CVE-2023-39999
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through...
WordPress Soledad Theme <= 8.6.7 is vulnerable to Local File Inclusion
Software Soledad Type Theme Vulnerable versions = 8.6.7 Fixed in 8.6.8 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2025-8142 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID e6e0ba39a319 Credits stealthcopter Required privilege Contributor Publish...
PT-2025-30947 · WordPress · Geodirectory – Wp Business Directory Plugin +1
Name of the Vulnerable Software and Affected Versions: GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress versions prior to 2.8.98 Description: The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is...
WordPress plugin Ebook Store 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress LeadBI Plugin for WordPress plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin LeadBI Plugin for WordPress versions = 1.7...
CVE-2025-46500
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ValvePress Wordpress Auto Spinner wp-auto-spinner allows Reflected XSS.This issue affects Wordpress Auto Spinner: from n/a through = 3.26.0...
WordPress plugin Electrician - Electrical Service WordPress 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Electrician - Electrical...
PT-2025-26209 · WordPress · Football-Pool
Name of the Vulnerable Software and Affected Versions: Football Pool plugin for WordPress versions up to, and including, 2.12.4 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated...
WordPress plugin Slim SEO SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
PT-2025-24041 · WordPress · Wp-Addpub
Name of the Vulnerable Software and Affected Versions: WP-Addpub plugin for WordPress versions 1.2.8 and earlier Description: The issue allows authenticated attackers with Contributor-level access or higher to inject SQL queries via the 'wp-addpub' shortcode. This is due to insufficient escaping ...
CVE-2024-0602
The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-6754
The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the ‘wpwautoposterupdatetweettemplate’ function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Subscriber-level...