WordPress Booking Calendar <3.2.2 - Arbitrary File Upload

WordPress Booking Calendar plugin before 3.2.2 is susceptible to arbitrary file upload possibly leading to remote code execution. The plugin does not validate uploaded files, which can allow an attacker to upload arbitrary files, such as PHP, and potentially obtain sensitive information, modify...

WordPress Gallery <2.0.0 - Cross-Site Scripting

WordPress Gallery plugin before 2.0.0 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the response of an AJAX action, available to both unauthenticated and authenticated users. id: CVE-2022-1946 info: name: WordPres...

AP Pricing Tables Lite <= 1.1.6 - SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. id: CVE-2023-0900 info: name: AP Pricing Tables Lite = 1.1.6 - SQL Injection author: r3Y3r53 severity: high description: ...

WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting

WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevartduplicatepostparametrssaveindb AJAX action, allowing unauthenticated users to call...

CVE-2026-24597

Cross-Site Request Forgery CSRF vulnerability in WpDevArt Organization chart allows Cross Site Request Forgery. This issue affects Organization chart: from n/a through 1.7.5...

EUVD-2026-31742

Cross-Site Request Forgery CSRF vulnerability in WpDevArt Organization chart allows Cross Site Request Forgery. This issue affects Organization chart: from n/a through 1.7.5...

PT-2026-43129

Cross-Site Request Forgery CSRF vulnerability in WpDevArt Organization chart allows Cross Site Request Forgery. This issue affects Organization chart: from n/a through 1.7.5...

PT-2026-27946

Name of the Vulnerable Software and Affected Versions wpdevart Booking calendar, Appointment Booking System versions n/a through 3.2.36 Description The software contains a flaw related to improper handling of user-supplied data during web page creation, which could allow for cross-site scripting...

CVE-2025-14555 Countdown Timer - Widget Countdown <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Countdown Timer – Widget Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdevartcountdown' shortcode in all versions up to, and including, 2.7.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2023-45629

Cross-Site Request Forgery CSRF vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin = 2.0.3 versions...

CVE-2023-45631

Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3...

CVE-2023-45630

Unauth. Stored Cross-Site Scripting XSS vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin = 2.0.3 versions...

WordPress YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.7 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin YouTube Embed, Playlist and Popup by WpDevArt versions = 2.6.7...

CVE-2025-67574

Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through = 3.2.30...

EUVD-2025-201947

Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through = 3.2.30...

CVE-2025-62886

Cross-Site Request Forgery CSRF vulnerability in wpdevart Pricing Table builder wpdevart-pricing-table allows Stored XSS.This issue affects Pricing Table builder: from n/a through = 1.5.3...

EUVD-2025-36051

Cross-Site Request Forgery CSRF vulnerability in wpdevart Pricing Table builder wpdevart-pricing-table allows Stored XSS.This issue affects Pricing Table builder: from n/a through = 1.5.1...

CVE-2025-62886

Cross-Site Request Forgery CSRF vulnerability in wpdevart Pricing Table builder wpdevart-pricing-table allows Stored XSS.This issue affects Pricing Table builder: from n/a through = 1.5.3...

EUVD-2018-2437

Malware in sbrugna...

EUVD-2022-37608

Malicious code in bioql PyPI...