CVE-2026-9757

The GEO my WP WordPress plugin (prepare(). This enables unauthenticated attackers to append additional SQL to existing queries to extract data. Exploitation requires a public page hosting the Posts Locator shortcode ([gmw form="results" form_id=N]) and at least one published post with an associat...

CVE-2026-9757

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $SERVER'QUERYSTRING' via parsestr bypassing WordPress's wpmagicquotes protection, which only covers...

CVE-2026-9757 GEO my WP <= 4.5.5 - Unauthenticated SQL Injection via 'swlatlng' / 'nelatlng' Parameters

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $SERVER'QUERYSTRING' via parsestr bypassing WordPress's wpmagicquotes protection, which only covers...

WordPress Affiliate Super Assistent plugin <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Affiliate Super Assistent versions = 1.10.1...

WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by hhhai in WordPress Plugin WebinarIgnition versions 4.08.253...

Exploit for CVE-2025-5947

CVE-2025-5947 CVE-2025-5947 WordPress Service Finder Bookings...

Exploit for CVE-2026-8732

CVE-2026-8732 - WP Maps Pro &checktemp=false' 3. Login via...

WordPress WebinarIgnition plugin < 4.08.253 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by hhhai in WordPress Plugin WebinarIgnition versions 4.08.253...

WordPress QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly plugin <= 3.2.7 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by dodoh4t in WordPress Plugin QuickWebP Compress / Optimize Images & Convert WebP | SEO Friendly versions = 3.2.7...

WordPress TableOn plugin <= 1.0.5.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin TableOn versions = 1.0.5.1...

WordPress Favicon plugin <= 1.3.46 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by dodoh4t in WordPress Plugin Favicon versions = 1.3.46...

RestroPress-WordPress-Plugin-Sensitive-API-Key-amp-Token-Exposure-Vulnerability-Exploitation

📌 Overview CVE-2025-9209 is a critical information disclo...

Exploit for Improper Input Validation in Microsoft

CVE-2025-9209 – RestroPress Unauthenticated API Key & Token Ex...

Exploit for CVE-2026-8732

CVE-2026-8732 — WP Maps Pro ≤ 6.1.0 ♡ Unauthenticated Privil...

PT-2026-45088

Name of the Vulnerable Software and Affected Versions Simple History versions prior to 5.26.1 Description The Simple History plugin for WordPress allows authenticated users with Subscriber-level permissions or higher to take over accounts. The issue exists in the event reaction endpoints...

WordPress plugin GEO my WP SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin Simple History 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-45090

Name of the Vulnerable Software and Affected Versions GEO my WP versions prior to 4.5.6 Description The plugin is subject to SQL Injection, allowing unauthenticated attackers to append additional SQL queries to extract sensitive information from the database. The issue occurs because the swlatlng...

PT-2026-45089

Name of the Vulnerable Software and Affected Versions Spectra Gutenberg Blocks – Website Builder for the Block Editor versions prior to 2.19.26 Description The plugin is susceptible to Remote Code Execution, allowing authenticated attackers with Contributor-level access or higher to execute code ...

WordPress plugin Spectra Gutenberg Blocks 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...