264071 matches found
PT-2026-45710
Name of the Vulnerable Software and Affected Versions DeMomentSomTres Shortcodes versions prior to 1.1.2 Description The DeMomentSomTres Shortcodes plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the st callout function fails to properly sanitize input and...
CVE-2026-9048
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...
CVE-2026-9048
The Slider Revolution WordPress plugin is affected (versions 7.0.0–7.0.14). The vulnerability arises in the slider.get.full AJAX action, enabling authenticated attackers with Contributor-level access and higher to expose sensitive data stored in slider settings. Exposed data includes raw social m...
CVE-2026-9050 Slider Revolution 6.0.0-6.7.55 and 7.0.0-7.0.14 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Deactivation
The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
CVE-2026-9050 Slider Revolution 6.0.0-6.7.55 and 7.0.0-7.0.14 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Deactivation
The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
CVE-2026-9050
The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
CVE-2026-9050
The CVE-2026-9050 entry concerns the Slider Revolution WordPress plugin. Affected versions are 6.0.0–6.7.55 and 7.0.0–7.0.14. The root cause is improper verification of user authorization, allowing authenticated attackers with Contributor-level access or higher to perform actions they should not ...
CVE-2018-25434
WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpaskeys parameter. Attackers can send GET requests to autosuggest.php with crafted wpaskeys values to extract sensitive...
CVE-2018-25434 WP AutoSuggest 0.24 SQL Injection via autosuggest.php
WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpaskeys parameter. Attackers can send GET requests to autosuggest.php with crafted wpaskeys values to extract sensitive...
CVE-2018-25434
WP AutoSuggest 0.24 is affected by an unauthenticated SQL injection in the wpas_keys parameter of autosuggest.php. An attacker can send crafted GET requests to extract sensitive data from WordPress posts and other tables. Root cause is unsafely injected wpas_keys handling in the plugin’s autosugg...
CVE-2018-25434 WP AutoSuggest 0.24 SQL Injection via autosuggest.php
WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpaskeys parameter. Attackers can send GET requests to autosuggest.php with crafted wpaskeys values to extract sensitive...
WordPress Tiled Gallery Carousel Without JetPack plugin <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Tiled Gallery Carousel Without JetPack versions = 3.1...
WordPress Easy Cart plugin <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Easy Cart versions = 1.8...
WordPress ZeM STL plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin ZeM STL versions = 1.0...
WordPress BirdSeed plugin <= 2.2.0 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin BirdSeed versions = 2.2.0...
WordPress Word Replacer plugin <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by san6051 - COFFSec in WordPress Plugin Word Replacer versions = 0.4...
WordPress WP Nano AD plugin <= 1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by siyuan shao in WordPress Plugin WP Nano AD versions = 1.31...
WordPress DeMomentSomTres Shortcodes plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin DeMomentSomTres Shortcodes versions = 1.1.1...
WordPress Remove NoFollow Commenter URL plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by swat in WordPress Plugin Remove NoFollow Commenter URL versions = 1.0...
WordPress Google Plus One Bottom plugin <= 0.0.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by swat in WordPress Plugin Google Plus One Bottom versions = 0.0.2...