83678 matches found
CVE-2026-39434
CVE-2026-39434 affects WordPress CTX Feed plugin (WebAppick CTX Feed) versions
CVE-2026-34901
CVE-2026-34901 affects WordPress iControlWP plugin,
CVE-2026-34898 WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.3 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce = 1.5.3 versions...
CVE-2026-34886
The CVE-2026-34886 entry affects WordPress WordPress Simple Membership plugin versions
CVE-2026-27089 WordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerability
Unauthenticated Bypass Vulnerability in WpTravelly = 2.1.7 versions...
CVE-2026-24637 WordPress PowerPress Podcasting plugin <= 11.15.10 - SQL Injection vulnerability
Contributor SQL Injection in PowerPress Podcasting = 11.15.10 versions...
CVE-2026-23970
The CVE covers WordPress plugin Redirection for Contact Form 7 (versions
CVE-2026-9691 WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.1 versions...
CVE-2025-69332 WordPress Bookify plugin <= 1.1.1 - Broken Access Control vulnerability
Subscriber Broken Access Control in Bookify = 1.1.1 versions...
CVE-2025-68872
CVE-2025-68872 is a reflected XSS vulnerability in the WordPress plugin “Eli's WordCents adSense Widget with Analytics” (versions
CVE-2025-68872 WordPress Eli's WordCents adSense Widget with Analytics plugin <= 1.3.03.27 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Elis WordCents adSense Widget with Analytics = 1.3.03.27 versions...
CVE-2025-68851 WordPress Okay Toolkit plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Okay Toolkit = 2.3 versions...
CVE-2025-68840 WordPress iRobots.txt SEO plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in iRobots.txt SEO = 1.1.2 versions...
CVE-2025-68049
CVE-2025-68049 affects the WordPress bunny.net plugin, version up to 2.3.6, with a Broken Access Control flaw. The CVSS 3.1 base metrics indicate Low impact to confidentiality, integrity, and availability, and a network attack vector with low privileges required and no user interaction. The provi...
CVE-2018-25436
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the uplo...
CVE-2016-20082
WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtestadmin.php with malicious action values to include files from the admin directory an...
CVE-2016-20077
WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoin...
CVE-2016-20081
WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the filepath parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acces...
CVE-2016-20074
WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...
CVE-2016-20071
The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...