WordPress Animation Addons for Elementor plugin <= 2.6.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zer0gh0st in WordPress Plugin Animation Addons for Elementor versions = 2.6.8...

PT-2026-47684

Name of the Vulnerable Software and Affected Versions 6Storage Rentals versions prior to 2.22.1 Description An authorization bypass exists in the 6Storage Rentals plugin for WordPress. Unauthenticated attackers can read and modify arbitrary tenant profile data, including names, email addresses,...

📄 Quick Playground for WordPress 1.3.1 Shell Upload

Proof of concept remote shell upload exploit for Quick Playground for WordPress plugin versions 1.3.1 and below. ================================================================================================================================== | Title : Quick Playground for WordPress 1.3.1 —...

WordPress plugin KittyCatfish SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin <= 4.3.2 - Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation vulnerability

Missing Authorization to Authenticated Subscriber+ Subscription Pack Cancellation vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin WP User Frontend versions = 4.3.2...

WordPress Blocksy theme <= 2.1.41 - Authenticated (Contributor+) PHP Object Injection vulnerability

Authenticated Contributor+ PHP Object Injection vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Theme Blocksy versions = 2.1.41...

WordPress Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin Unlimited Elementor Inner Sections By BoomDevs versions = 1.3.3...

WordPress MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin <= 2.0.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Faizan Shaik in WordPress Plugin MailerPress versions = 2.0.4...

WordPress kk blog card plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin kk blog card versions = 1.3...

WordPress jQuery Hover Footnotes plugin <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by nishida azuka in WordPress Plugin jQuery Hover Footnotes versions = 1.4...

WordPress jQuery Hover Footnotes plugin <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by nishida azuka in WordPress Plugin jQuery Hover Footnotes versions = 1.4...

WordPress TinyMCE shortcode Addon plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin TinyMCE shortcode Addon versions = 1.0.0...

WordPress Global Body Mass Index Calculator plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Global Body Mass Index Calculator versions = 1.2...

WordPress WP ApplicantStack Jobs Display plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin WP ApplicantStack Jobs Display versions = 1.1.1...

WordPress RomanCart Ecommerce plugin <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin RomanCart Ecommerce versions = 2.0.8...

WordPress WP Meta Sort Posts plugin <= 0.9 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin WP Meta Sort Posts versions = 0.9...

WordPress WP Emoticon Rating plugin <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin WP Emoticon Rating versions = 1.0.1...

WordPress WpMobi plugin <= 0.0.3 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin WpMobi versions = 0.0.3...

WordPress WP-Ultimate-Map plugin <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin WP-Ultimate-Map versions = 1.1...

WordPress FastPicker, an order picker and order management system (oms) for WooCommerce on steroids plugin <= 1.0.2 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin FastPicker, an order picker and order management system oms for WooCommerce on steroids versions = 1.0.2...