264848 matches found
WordPress plugin Slider Revolution 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
WordPress plugin BookIt 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Wallet System for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress plugin ARMember Premium SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin ARMember Premium 授权问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-45887
Name of the Vulnerable Software and Affected Versions Passeum Ticketing versions prior to 1.1 Description The plugin is subject to Stored Cross-Site Scripting. This occurs because the get shop url method returns the shop name setting value without sanitization when it starts with "http", and the...
PT-2026-45713
Name of the Vulnerable Software and Affected Versions Laiser Tag versions prior to 1.2.6 Description The Laiser Tag plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into executing unwanted actions. This occurs due to missing or incorrect...
PT-2026-45698
The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole link’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
PT-2026-45710
Name of the Vulnerable Software and Affected Versions DeMomentSomTres Shortcodes versions prior to 1.1.2 Description The DeMomentSomTres Shortcodes plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the st callout function fails to properly sanitize input and...
PT-2026-45694
The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email...
PT-2026-45703
The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'new domain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2026-45700
The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
PT-2026-45711
Name of the Vulnerable Software and Affected Versions JTL-Connector for WooCommerce versions prior to 2.4.2 Description The plugin contains missing authorization due to a lack of capability checks and nonce verification. This allows authenticated attackers with Subscriber-level access or higher t...
VulnCheck KEV: CVE-2026-8206
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugin accepting an arbitrary email address when a username is used in the password reset request. Thi...
WordPress plugin Content Visibility for Divi Builder 代码注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-45715
Name of the Vulnerable Software and Affected Versions Remove NoFollow Commenter URL versions prior to 1.1 Description The plugin is subject to Cross-Site Request Forgery due to missing or incorrect nonce validation in the gmz comment settings save function. This allows unauthenticated attackers t...
PT-2026-45844
Name of the Vulnerable Software and Affected Versions ARMember Premium versions prior to 7.3.2 Description An issue exists where unauthenticated attackers can append additional SQL queries to existing ones to extract sensitive information from the database. This occurs due to insufficient escapin...
PT-2026-45726
Name of the Vulnerable Software and Affected Versions Tiled Gallery Carousel Without JetPack versions prior to 3.2 Description The plugin is subject to stored cross-site scripting due to insufficient input sanitization and output escaping. Authenticated attackers with contributor level access or...
PT-2026-45693
Name of the Vulnerable Software and Affected Versions Kirki versions 6.0.0 through 6.0.6 Description The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress contains a flaw allowing unauthenticated privilege escalation and account takeover. The issue occurs because th...
CVE-2026-9048
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...