263185 matches found
WordPress Abandoned Contact Form 7 plugin <= 2.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by g0wthr in WordPress Plugin Abandoned Contact Form 7 versions <= 2.5...
CVE-2025-15658
Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions...
CVE-2025-15659 WordPress Elizaibots plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions...
CVE-2025-15659
CVE-2025-15659 concerns the WordPress Elizaibots plugin (versions
CVE-2025-15658
The CVE describes an Administrator-XSS vulnerability in the WordPress WP Emmet plugin versions
CVE-2025-15658 WordPress WP Emmet plugin <= 0.3.4 - Cross Site Scripting (XSS) vulnerability
Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions...
WordPress Video Conferencing with Zoom plugin <= 4.6.7 - Missing Authorization to Unauthenticated Zoom SDK Credential Exposure vulnerability
Missing Authorization to Unauthenticated Zoom SDK Credential Exposure vulnerability discovered by aetta in WordPress Plugin Video Conferencing with Zoom versions <= 4.6.7...
CVE-2016-20084
WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScrip...
CVE-2019-25746
WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicatequoteinvoice and...
CVE-2018-25437
WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the downloadbackup.php endpoint. Attackers can directly access the downloadbackup.php script in the admin/datamanagement...
CVE-2018-25436
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the uplo...
CVE-2016-20080
WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wpabspath parameter. Attackers can supply path traversal sequences or remote URLs through the...
CVE-2016-20079
WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gatewa...
CVE-2016-20077
WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoin...
CVE-2016-20078
WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like...
CVE-2016-20081
WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the filepath parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acces...
CVE-2016-20083
WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxe...
CVE-2016-20082
WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtestadmin.php with malicious action values to include files from the admin directory an...