homepage

CVE-2025-46533
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdrift.no Landing pages and Domain aliases for WordPress allows Stored XSS. This issue affects Landing pages and Domain aliases for WordPress: from n/a through 0.8.
Ver mais

CVE-2025-39431
Cross-Site Request Forgery (CSRF) vulnerability in Aaron Forgue Amazon Showcase WordPress Plugin allows Stored XSS. This issue affects Amazon Showcase WordPress Plugin: from n/a through 2.2.
Ver mais

CVE-2025-39417
Cross-Site Request Forgery (CSRF) vulnerability in Eslam Mahmoud Redirect wordpress to welcome or landing page allows Stored XSS. This issue affects Redirect wordpress to welcome or landing page: from n/a through 2.0.
Ver mais

CVE-2025-32630
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Reflected XSS. This issue affects WP-BusinessDirectory: from n/a through 3.1.2.
Ver mais

CVE-2025-32592
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Stored XSS. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.3.
Ver mais

CVE-2025-32520
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem WordPress Health and Server Condition – Integrated with Google Page Speed allows Reflected XSS. This issue affects WordPress Health and Server Condition – Integrated with Google Page Speed: from n/a through 4.1.1.
Ver mais

CVE-2025-27291
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxgallery WordPress Photo Gallery – Image Gallery allows Reflected XSS. This issue affects WordPress Photo Gallery – Image Gallery: from n/a through 2.0.4.
Ver mais

CVE-2025-24651
Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration allows Retrieve Embedded Sensitive Data. This issue affects WordPress Backup & Migration: from n/a through 1.5.3.
Ver mais

CVE-2025-23906
Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Dashboard Tweeter: from n/a through 1.3.2.
Ver mais

CVE-2025-24548
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Autoglot Autoglot – Automatic WordPress Translation allows Reflected XSS. This issue affects Autoglot – Automatic WordPress Translation: from n/a through 2.4.7.
Ver mais

CVE-2025-39545
Missing Authorization vulnerability in miniOrange WordPress REST API Authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through 3.6.3.
Ver mais

CVE-2025-32629
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Path Traversal. This issue affects WP-BusinessDirectory: from n/a through 3.1.2.
Ver mais

CVE-2025-32569
Deserialization of Untrusted Data vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Object Injection. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.2.
Ver mais

CVE-2025-31015
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! — MailHawk allows PHP Local File Inclusion. This issue affects WordPress SMTP Service, Email Delivery Solved! — MailHawk: from n/a through 1.3.1.
Ver mais

CVE-2025-32202
Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into WordPress allows Upload a Web Shell to a Web Server. This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000025.
Ver mais

CVE-2025-32581
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ankit Singla WordPress Spam Blocker allows Stored XSS. This issue affects WordPress Spam Blocker: from n/a through 2.0.4.
Ver mais

CVE-2025-32597
Cross-Site Request Forgery (CSRF) vulnerability in George Sexton WordPress Events Calendar Plugin – connectDaily allows Cross-Site Scripting (XSS). This issue affects WordPress Events Calendar Plugin – connectDaily: from n/a through 1.4.8.
Ver mais

CVE-2025-31035
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Chris WP Editor.md – The Perfect WordPress Markdown Editor allows Stored XSS. This issue affects WP Editor.md – The Perfect WordPress Markdown Editor: from n/a through 10.2.1.
Ver mais

CVE-2025-32267
Cross-Site Request Forgery (CSRF) vulnerability in wpzinc Post to Social Media – WordPress to Hootsuite allows Cross Site Request Forgery. This issue affects Post to Social Media – WordPress to Hootsuite: from n/a through 1.5.8.
Ver mais

CVE-2025-32257
Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration allows Retrieve Embedded Sensitive Data. This issue affects 1 Click WordPress Migration: from n/a through 2.2.
Ver mais

CVE-2025-32238
Generation of Error Message Containing Sensitive Information vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Retrieve Embedded Sensitive Data. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.2.
Ver mais

CVE-2025-32218
Missing Authorization vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.4.
Ver mais

CVE-2025-32200
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Nikita Advanced WordPress Backgrounds allows Code Injection. This issue affects Advanced WordPress Backgrounds: from n/a through 1.12.4.
Ver mais

CVE-2025-32172
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yuri Baranov YaMaps for WordPress allows Stored XSS. This issue affects YaMaps for WordPress: from n/a through 0.6.31.
Ver mais

CVE-2025-32166
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in John Housholder Emma for WordPress allows Stored XSS. This issue affects Emma for WordPress: from n/a through 1.3.3.
Ver mais

CVE-2025-2075
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to add_role() and user_role() functions missing proper capability checks performed through the validate_rest_call() function. This makes it possible for unauthenticated attackers to set the role of arbitrary users to administrator granting full access to the site, though privilege escalation requires an active account on the site so this is considered an authenticated privilege escalation.
Ver mais

CVE-2025-31441
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in S WordPress Galleria allows Reflected XSS. This issue affects WordPress Galleria: from n/a through 1.4.
Ver mais

CVE-2025-31846
Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through 0.18.7.
Ver mais

CVE-2025-31848
Missing Authorization vulnerability in WPFactory WordPress Adverts Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Adverts Plugin: from n/a through 1.4.
Ver mais

CVE-2025-31843
Missing Authorization vulnerability in Wilson OpenAI Tools for WordPress & WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OpenAI Tools for WordPress & WooCommerce: from n/a through 2.1.5.
Ver mais

CVE-2025-31776
Cross-Site Request Forgery (CSRF) vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows Cross Site Request Forgery. This issue affects Uptime Robot Plugin for WordPress: from n/a through 2.3.
Ver mais

CVE-2025-31735
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in C. Johnson Footnotes for WordPress allows Stored XSS. This issue affects Footnotes for WordPress: from n/a through 2016.1230.
Ver mais

CVE-2025-30796
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended allows Reflected XSS. This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through 3.0.14.
Ver mais

CVE-2025-30559
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Kento WordPress Stats allows Stored XSS. This issue affects Kento WordPress Stats: from n/a through 1.1.
Ver mais

CVE-2025-31616
Cross-Site Request Forgery (CSRF) vulnerability in AdminGeekZ Varnish WordPress allows Cross Site Request Forgery. This issue affects Varnish WordPress: from n/a through 1.7.
Ver mais

CVE-2025-31597
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crazycric Ultimate Live Cricket WordPress Lite allows Stored XSS. This issue affects Ultimate Live Cricket WordPress Lite: from n/a through 1.4.2.
Ver mais

CVE-2025-31585
Cross-Site Request Forgery (CSRF) vulnerability in leadfox Leadfox for WordPress allows Cross Site Request Forgery. This issue affects Leadfox for WordPress: from n/a through 2.1.8.
Ver mais

CVE-2025-31569
Cross-Site Request Forgery (CSRF) vulnerability in wp-buy wordpress related Posts with thumbnails allows Stored XSS. This issue affects wordpress related Posts with thumbnails: from n/a through 3.0.0.1.
Ver mais

CVE-2025-31562
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows DOM-Based XSS. This issue affects Uptime Robot Plugin for WordPress: from n/a through 2.3.
Ver mais

CVE-2025-31547
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows SQL Injection. This issue affects Uptime Robot Plugin for WordPress: from n/a through 2.3.
Ver mais

CVE-2025-22634
Cross-Site Request Forgery (CSRF) vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Scheduling Management System for WordPress: from n/a through 2.4.5.
Ver mais

CVE-2025-22644
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce allows Stored XSS.This issue affects Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce: from n/a through 1.2.1.
Ver mais

CVE-2025-28928
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sureshdsk Are you robot google recaptcha for wordpress allows Reflected XSS. This issue affects Are you robot google recaptcha for wordpress: from n/a through 2.2.
Ver mais

CVE-2025-30608
Cross-Site Request Forgery (CSRF) vulnerability in Anthony WordPress SQL Backup allows Stored XSS. This issue affects WordPress SQL Backup: from n/a through 3.5.2.
Ver mais

CVE-2025-30609
Insertion of Sensitive Information Into Sent Data vulnerability in AppExperts AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps allows Retrieve Embedded Sensitive Data. This issue affects AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps: from n/a through 1.4.3.
Ver mais

CVE-2025-30552
Cross-Site Request Forgery (CSRF) vulnerability in Donald Gilbert WordPress Admin Bar Improved allows Stored XSS. This issue affects WordPress Admin Bar Improved: from n/a through 3.3.5.
Ver mais

CVE-2025-28914
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Sharma wordpress login form to anywhere allows Stored XSS. This issue affects wordpress login form to anywhere: from n/a through 0.2.
Ver mais

CVE-2025-23843
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphrmanager WP-HR Manager: The Human Resources Plugin for WordPress allows Reflected XSS. This issue affects WP-HR Manager: The Human Resources Plugin for WordPress: from n/a through 3.1.0.
Ver mais

CVE-2025-26913
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webandprint AR For WordPress allows DOM-Based XSS. This issue affects AR For WordPress: from n/a through 7.7.
Ver mais

CVE-2025-27265
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aaron D. Campbell Google Maps for WordPress allows DOM-Based XSS. This issue affects Google Maps for WordPress: from n/a through 1.0.3.
Ver mais

CVE-2025-27013
Missing Authorization vulnerability in EPC MediCenter - Health Medical Clinic WordPress Theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MediCenter - Health Medical Clinic WordPress Theme: from n/a through n/a.
Ver mais

CVE-2025-22676
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in upcasted AWS S3 for WordPress Plugin – Upcasted allows Stored XSS. This issue affects AWS S3 for WordPress Plugin – Upcasted: from n/a through 3.0.3.
Ver mais

CVE-2025-23657
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WordPress-to-candidate for Salesforce CRM allows Reflected XSS. This issue affects WordPress-to-candidate for Salesforce CRM: from n/a through 1.0.1.
Ver mais

CVE-2025-23428
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound QMean – WordPress Did You Mean allows Reflected XSS. This issue affects QMean – WordPress Did You Mean: from n/a through 2.0.
Ver mais

CVE-2025-23492
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CantonBolo WordPress 淘宝客插件 allows Reflected XSS. This issue affects WordPress 淘宝客插件: from n/a through 1.1.2.
Ver mais

CVE-2022-3180
The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts.
Ver mais

CVE-2025-0169
The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Ver mais

CVE-2025-25077
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugbug Easy Chart Builder for WordPress allows Stored XSS. This issue affects Easy Chart Builder for WordPress: from n/a through 1.3.
Ver mais

CVE-2025-23614
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nik Sudan WordPress Additional Logins allows Reflected XSS. This issue affects WordPress Additional Logins: from n/a through 1.0.0.
Ver mais

CVE-2025-23588
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WOW WordPress WOW Best CSS Compiler allows Reflected XSS. This issue affects WOW Best CSS Compiler: from n/a through 2.0.2.
Ver mais

CVE-2025-22704
Cross-Site Request Forgery (CSRF) vulnerability in Abinav Thakuri WordPress Signature allows Cross Site Request Forgery. This issue affects WordPress Signature: from n/a through 0.1.
Ver mais

CVE-2025-24563
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGlow Cleanup – Directory Listing & Classifieds WordPress Plugin allows Reflected XSS. This issue affects Cleanup – Directory Listing & Classifieds WordPress Plugin: from n/a through 1.0.4.
Ver mais

CVE-2025-24659
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WordPress Download Manager Premium Packages allows Blind SQL Injection. This issue affects Premium Packages: from n/a through 5.9.6.
Ver mais

CVE-2025-24666
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeIsle AI Chatbot for WordPress – Hyve Lite allows Stored XSS. This issue affects AI Chatbot for WordPress – Hyve Lite: from n/a through 1.2.2.
Ver mais

CVE-2025-24652
Missing Authorization vulnerability in Revmakx WP Duplicate – WordPress Migration Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Duplicate – WordPress Migration Plugin: from n/a through 1.1.6.
Ver mais

CVE-2025-24588
Missing Authorization vulnerability in Patreon Patreon WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n/a through 1.9.1.
Ver mais

CVE-2024-13698
The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'download_image_via_ai' and 'generate_image_via_ai' functions in all versions up to, and including, 4.2.7. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application to upload files in an image format, and to generate AI images using the site's OpenAI key.
Ver mais

CVE-2025-23931
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound WordPress Local SEO allows Blind SQL Injection. This issue affects WordPress Local SEO: from n/a through 2.3.
Ver mais

CVE-2025-23867
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WordPress File Search allows Reflected XSS. This issue affects WordPress File Search: from n/a through 1.2.
Ver mais

CVE-2025-23535
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in clickandsell REAL WordPress Sidebar allows Stored XSS. This issue affects REAL WordPress Sidebar: from n/a through 0.1.
Ver mais

CVE-2025-22735
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TaxoPress WordPress Tag Cloud Plugin – Tag Groups allows Reflected XSS. This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through 2.0.4.
Ver mais

CVE-2024-49333
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5.
Ver mais

CVE-2024-49300
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5.
Ver mais

CVE-2024-49303
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5.
Ver mais

CVE-2025-23961
Missing Authorization vulnerability in WP Tasker WordPress Graphs & Charts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Graphs & Charts: from n/a through 2.0.8.
Ver mais

CVE-2025-23913
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pankajpragma, rahulpragma WordPress Google Map Professional allows SQL Injection.This issue affects WordPress Google Map Professional: from n/a through 1.0.
Ver mais

CVE-2025-23912
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typomedia Foundation WordPress Custom Sidebar allows Blind SQL Injection.This issue affects WordPress Custom Sidebar: from n/a through 2.3.
Ver mais

CVE-2025-23828
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OriginalTips.com WordPress Data Guard allows Stored XSS.This issue affects WordPress Data Guard: from n/a through 8.
Ver mais

CVE-2025-23842
Cross-Site Request Forgery (CSRF) vulnerability in Nilesh Shiragave WordPress Gallery Plugin allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin: from n/a through 1.4.
Ver mais

CVE-2025-23823
Cross-Site Request Forgery (CSRF) vulnerability in jprintf CNZZ&51LA for WordPress allows Cross Site Request Forgery.This issue affects CNZZ&51LA for WordPress: from n/a through 1.0.1.
Ver mais

CVE-2025-23510
Cross-Site Request Forgery (CSRF) vulnerability in Zaantar WordPress Logging Service allows Stored XSS.This issue affects WordPress Logging Service: from n/a through 1.5.4.
Ver mais

CVE-2025-23435
Cross-Site Request Forgery (CSRF) vulnerability in David Marcucci Password Protect Plugin for WordPress allows Stored XSS.This issue affects Password Protect Plugin for WordPress: from n/a through 0.8.1.0.
Ver mais

CVE-2025-23423
Missing Authorization vulnerability in Smackcoders SendGrid for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SendGrid for WordPress: from n/a through 1.4.
Ver mais

CVE-2025-0170
The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sort_by' and 'token' parameters. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Ver mais

CVE-2025-22762
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Octrace Studio WordPress HelpDesk & Support Ticket System Plugin – Octrace Support allows Stored XSS.This issue affects WordPress HelpDesk & Support Ticket System Plugin – Octrace Support: from n/a through 1.2.7.
Ver mais

CVE-2025-22813
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChatBot for WordPress - WPBot Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through 1.4.2.
Ver mais

CVE-2025-22802
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail allows Stored XSS.This issue affects Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail: from n/a through 2.1.4.
Ver mais

CVE-2025-22503
Cross-Site Request Forgery (CSRF) vulnerability in Digital Zoom Studio Admin debug wordpress – enable debug allows Cross Site Request Forgery.This issue affects Admin debug wordpress – enable debug: from n/a through 1.0.13.
Ver mais

CVE-2025-22349
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through 3.7.
Ver mais

CVE-2025-22336
Cross-Site Request Forgery (CSRF) vulnerability in WordPress 智库 Wizhi Multi Filters by Wenprise allows Stored XSS.This issue affects Wizhi Multi Filters by Wenprise: from n/a through 1.8.6.
Ver mais

CVE-2025-22298
Missing Authorization vulnerability in Hive Support Hive Support – WordPress Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.6.
Ver mais

CVE-2024-56302
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ConvertCalculator ConvertCalculator for WordPress allows Stored XSS.This issue affects ConvertCalculator for WordPress: from n/a through 1.1.1.
Ver mais

CVE-2024-56245
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS.This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from n/a through 2.1.42.
Ver mais

CVE-2024-56022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress Monsters Preloader by WordPress Monsters allows Reflected XSS.This issue affects Preloader by WordPress Monsters: from n/a through 1.2.3.
Ver mais

CVE-2023-46644
Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8.
Ver mais

CVE-2023-45636
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through 1.4.1.
Ver mais

CVE-2018-25106
A vulnerability, which was classified as critical, has been found in webuidesigning NebulaX Theme up to 5.0 on WordPress. This issue affects the function nebula_send_to_hubspot of the file libs/Legacy/Legacy.php. The manipulation leads to sql injection. The attack may be initiated remotely. The patch is named 41230a81db0f671c570c2644bc2f80565ca83c5a. It is recommended to apply a patch to fix this issue.
Ver mais

CVE-2024-55998
Missing Authorization vulnerability in dusthazard Popup Surveys & Polls for WordPress (Mare.io) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Surveys & Polls for WordPress (Mare.io): from n/a through 1.36.
Ver mais

CVE-2024-54391
Cross-Site Request Forgery (CSRF) vulnerability in Matt Walters WordPress Filter allows Stored XSS.This issue affects WordPress Filter: from n/a through 1.4.1.
Ver mais

CVE-2024-54384
Missing Authorization vulnerability in eLightUp Falcon – WordPress Optimizations & Tweaks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Falcon – WordPress Optimizations & Tweaks: from n/a through 2.8.3.
Ver mais