Wordpress Email Subscribers by Icegram Express - SQL Injection

The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IGESSubscribersQuery' class in all versions up to, and including, 5.7.14 due to insufficient escaping ...

Wordpress Country State City Dropdown <=2.7.2 - SQL Injection

The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

WordPress Plugin MainWP Child - Authentication Bypass

The plugin is vulnerable to an authentication bypass that allows an unauthenticated user to login as an administrator without providing a password. This vulnerability is only exploitable when the plugin has not been connected to a MainWP Dashboard and the "Require unique security ID" option is no...

My Geo Posts Free <= 1.2 - PHP Object Injection

The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If ...

WP Triggers Lite - Cross-Site Scripting

WP Triggers Lite WordPress plugin v2.5.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

Site Reviews < 7.2.5 - Unauthenticated Stored XSS

Site Reviews WordPress plugin before 7.2.5 contains a stored cross-site scripting caused by improper sanitization and escaping of review fields, letting unauthenticated users execute malicious scripts, exploit requires no authentication. id: CVE-2025-1232 info: name: Site Reviews 7.2.5 -...

Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint. id: CVE-2020-115...

WordPress Formality Plugin <= 1.5.9 - Local File Inclusion

Michele Giorgi Formality = 1.5.9 contains a file inclusion vulnerability caused by improper control of filename in include/require statements, letting attackers include local files, exploit requires crafted input. id: CVE-2025-48157 info: name: WordPress Formality Plugin = 1.5.9 - Local File...

WordPress Payeezy Pay <=2.97 - Local File Inclusion

WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97...

WordPress Ninja Forms <3.3.18 - Cross-Site Scripting

WordPress Ninja Forms plugin before 3.3.18 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in includes/Admin/Menus/Submissions.php via the begindate, enddate, or formid parameters. This can allow an attacker to steal cookie-based authentication credentials a...

WordPress JSmol2WP <=1.07 - Local File Inclusion

WordPress JSmol2WP plugin 1.07 is susceptible to local file inclusion via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context...

WP GDPR Compliance < 1.4.3 - Unauthenticated Call Any Action or Update Any Option

The WP GDPR Compliance plugin allows unauthenticated users to execute any action and update any database value. This vulnerability is due to the lack of proper validation in the Includes/Ajax.php file. id: CVE-2018-19207 info: name: WP GDPR Compliance 1.4.3 - Unauthenticated Call Any Action or...

WordPress Contact Form 7 <1.3.3.3 - Remote Code Execution

WordPress Contact Form 7 before 1.3.3.3 allows unrestricted file upload and remote code execution by setting supportedtype to php% and uploading a .php% file. id: CVE-2020-12800 info: name: WordPress Contact Form 7 1.3.3.3 - Remote Code Execution author: dwisiswant0 severity: critical description...

Wordpress Quiz and Survey Master <7.0.1 - Arbitrary File Deletion

Wordpress Quiz and Survey Master 7.0.1 allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsmremovefilefdquestion, which allowed...

WP Hotel Booking < 1.10.4 - PHP Object Injection

The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpresshotelbooking1 cookie in load in includes/class-wphb-sessions.php. id: CVE-2020-29047 info: name: WP Hotel Booking 1.10.4 - PHP Object...

WordPress JSmol2WP <=1.07 - Cross-Site Scripting

WordPress JSmol2WP version 1.07 and earlier is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter. id: CVE-2018-20462 info: name: WordPress JSmol2WP =1.07 - Cross-Site Scripting author: daffainfo severity: medium...

WordPress Localize My Post 1.0 - Local File Inclusion

WordPress Localize My Post 1.0 is susceptible to local file inclusion via the ajax/include.php file parameter. id: CVE-2018-16299 info: name: WordPress Localize My Post 1.0 - Local File Inclusion author: 0xAkoko,0x240x23elu severity: high description: | WordPress Localize My Post 1.0 is susceptib...

WordPress Duplicator Plugin < 1.2.42 - Arbitrary Code Execution

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution. id: CVE-2018-17207 info: name:...

WordPress PayPal Pro <1.1.65 - SQL Injection

WordPress PayPal Pro plugin before 1.1.65 is susceptible to SQL injection via the 'query' parameter which allows for any unauthenticated user to perform SQL queries with the results output to a web page in JSON format. id: CVE-2020-14092 info: name: WordPress PayPal Pro 1.1.65 - SQL Injection...

Adning Advertising <= 1.5.5 - Arbitrary File Upload

The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ninguploadimage function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites...