CVE-2025-47443

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevart Widget Countdown widget-countdown allows Stored XSS.This issue affects Widget Countdown: from n/a through = 2.7.4...

CVE-2025-47443

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevart Widget Countdown widget-countdown allows Stored XSS.This issue affects Widget Countdown: from n/a through = 2.7.4...

PT-2025-20081 · WordPress · Wpdevart Widget Countdown

Name of the Vulnerable Software and Affected Versions: wpdevart Widget Countdown versions n/a through 2.7.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker ca...

CVE-2022-47603

Unauth. Reflected Cross-Site Scripting XSS vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin = 2.0.1 versions...

CVE-2024-30550

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Reflected XSS.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3...

CVE-2024-35750

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3...

CVE-2025-24719

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevart Widget Countdown widget-countdown allows Stored XSS.This issue affects Widget Countdown: from n/a through = 2.7.1...

PT-2025-5533 · Wpdevart · Wpdevart Widget Countdown

Name of the Vulnerable Software and Affected Versions: wpdevart Widget Countdown versions n/a through 2.7.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker ca...

CVE-2023-45631

Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3...

CVE-2024-10856

The Booking Calendar WpDevArt plugin is vulnerable to time-based, blind SQL injection via the id parameter in the “wpdevartbookingcalendar” shortcode in versions up to, and including, 3.2.19 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the...

CVE-2024-10856

CVE-2024-10856 affects the Booking Calendar WpDevArt plugin for WordPress, up to version 3.2.19. The flaw is a time-based, blind SQL injection via the id parameter in the shortcode wpdevart_booking_calendar, conditioned on the theme option delete_prev_date being enabled. The issue arises from ins...

CVE-2024-10856 Booking Calendar WpDevArt <= 3.2.19 - Authenticated (Contributor+) SQL Injection

The Booking Calendar WpDevArt plugin is vulnerable to time-based, blind SQL injection via the id parameter in the “wpdevartbookingcalendar” shortcode in versions up to, and including, 3.2.19 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the...

CVE-2023-24407

Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3...

CVE-2023-24407

Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3...

CVE-2023-24407

CVE-2023-24407 affects the WordPress plugin Booking calendar, Appointment Booking System (versions

CVE-2024-37542

Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3...

CVE-2024-37542

Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3...

CVE-2024-37542

Affects WordPress plugin WpDevArt Responsive Image Gallery, Gallery Album (versions through 2.0.3). The issue is a Missing Authorization vulnerability likely causing Broken Access Control, enabling unauthorized access to restricted resources. Affected component: the plugin’s access control mechan...

PT-2024-27640 · Wpdevart · Wpdevart Responsive Image Gallery

Name of the Vulnerable Software and Affected Versions: WpDevArt Responsive Image Gallery, Gallery Album versions through 2.0.3 Description: The issue is related to a Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album. Recommendations: For versions through 2.0....

CVE-2024-35750

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3...